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Abstract 

We  present  new  proofs  of  cut  elimination  for  intuitionistic  and  classical  sequent  calculi.  In  both 
cases  the  proofs  proceed  by  three  nested  structural  inductions,  avoiding  the  explicit  use  of  multi¬ 
sets  and  termination  measures  on  sequent  derivations.  This  makes  them  amenable  to  elegant  and 
concise  representations  in  LF,  which  are  given  in  full  detail. 
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1  Introduction 


Gentzen’s  sequent  calculi  [Gen35]  for  intuitionistic  and  classical  logic  have  been  the  central  tool  in 
many  proof-theoretical  investigations  and  applications  of  logic  in  computer  science  such  as  logic 
programming  (e.g.  [MNPS91])  or  automated  theorem  proving  (e.g.  [Wal90]).  The  central  property 
of  sequent  calculi  is  cut  elimination  (Gentzen’s  Hauptsatz )  which  yields  consistency  of  the  logic  as  a 
corollary.  The  algorithm  for  cut  elimination  may  be  interpreted  computationally,  similar  to  the  way 
that  normalization  for  natural  deduction  may  be  viewed  as  functional  computation.  For  the  case 
of  linear  logic,  this  point  was  made  by  Girard  [Gir87]  and  later  elaborated  by  Abramsky  [Abr93]; 
see  also  [Gal93]  for  a  tutorial  introduction. 

Many  proofs  of  cut  elimination  have  been  given  in  the  literature  yet,  to  our  knowledge,  none  of 
them  have  been  formalized  even  though  this  is  clearly  possible  (see,  for  example,  Matthews  [Mat94] 
pencil-and-paper  analysis  of  cut  elimination  for  the  (V,  -i)  fragment  of  classical  propositional  logic 
in  FSq).  They  are  difficult  to  mechanize  for  a  number  of  reasons  which  in  combination  are  quite 
intimidating.  Most  proofs  require  tedious  data  structures  (such  as  multi-sets)  and  use  complex 
termination  measures.  They  also  involve  global  conditions  on  occurrences  of  parameters  in  sequent 
derivations.  In  this  paper  we  present  new  proofs  of  cut  elimination  for  intuitionistic  and  classical 
sequent  calculi  and  give  their  representations  in  the  logical  framework  LF  [HHP93]  as  implemented 
in  the  Elf  system  [Pfe9l].  Multi-sets  are  avoided  altogether  in  these  proofs,  and  termination 
measures  are  replaced  by  three  nested  structural  inductions.  Parameters  are  treated  as  variables 
bound  in  derivations,  thus  naturally  capturing  occurrence  conditions.  Starting  point  for  the  proofs 
is  Kleene’s  sequent  system  G3  [Kle52],  which  we  derive  systematically  from  the  point  of  view  that 
a  sequent  calculus  should  be  a  calculus  of  proof  search  for  natural  deductions.  It  can  easily  be 
related  to  Gentzen’s  original  and  other  sequent  calculi. 

The  reader  interested  in  structural  cut  elimination  for  intuitionistic  or  classical  logic,  but  not  its 
formalization,  should  be  able  to  follow  this  paper  by  ignoring  the  material  regarding  its  implemen¬ 
tation.  In  order  to  understand  and  appreciate  the  representation  of  the  sequent  calculus  and  the 
proof  of  cut  elimination  the  reader  should  have  a  basic  knowledge  of  the  representation  methodology 
of  LF  and  the  Elf  meta-language;  the  interested  reader  is  referred  to  [HHP93]  and  [MP91,  Pfe91]. 

The  remainder  of  the  paper  is  organized  as  follows.  In  Section  2  we  introduce  a  formulation 
of  the  intuitionistic  sequent  calculus  motivated  from  natural  deduction.  In  Section  3  we  give  a 
notation  for  proof  terms  that  record  the  structure  of  the  sequent  derivation.  This  is  an  important 
intermediate  step  towards  the  representation  of  sequents  in  LF  shown  in  Section  4.  The  proof  of 
admissibility  of  cut  in  the  intuitionistic  sequent  calculus  and  its  implementation  are  the  subject 
of  Section  5.  In  Section  6  we  extend  these  results  to  the  classical  case.  We  conclude  with  an 
assessment  and  some  remarks  about  future  work  in  Section  7.  In  Appendices  A.l  (intuitionistic) 
and  A.2  (classical)  we  give  the  complete  implementations  of  admissibility  of  cut  in  Elf  together 
with  an  automatically  generated  informal  version  of  each  case  in  the  proof.  Appendix  B  gives 
a  formulation  of  cut  elimination  as  a  translation  from  a  sequent  calculus  with  cut  to  a  sequent 
calculus  without  cut.  For  both,  intuitionistic  and  classical  logic,  this  is  a  direct  corollary  of  the 
admissibility  of  cut  in  the  corresponding  cut-free  system. 
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2  Intuit ionistic  Sequent  Calculus 

Logical  frameworks  such  as  hereditary  Harrop  formulas  [MNPS91]  and  LF  [HHP93]  are  inherently 
biased  towards  natural  deduction  because  of  the  strong  correspondence  between  natural  deductions 
and  the  typed  A-expressions  used  for  their  representation.  Finding  an  elegant  encoding  of  sequents 
and  sequent  derivations  in  a  logical  framework  is  therefore  the  first  critical  issue  in  an  implemen¬ 
tation  of  a  proof  of  cut  elimination.  Felty’s  representation  [Fel89]  in  AProlog,  for  example,  uses 
lists  of  hypotheses  which  is  advantageous  for  search  but  makes  a  formal  meta-theory  prohibitively 
complex.  Frameworks  based  on  sequent  calculi  such  as  LU  [Gir93]  or  Forum  [Mil94]  allow  direct 
encodings,  but  they  lack  a  notation  for  the  proof  terms  that  are  required  to  describe  cut  elimination. 

In  this  section  we  develop  a  formulation  of  the  sequent  calculus  for  intuitionistic  logic  by  tran¬ 
scribing  the  process  of  searching  for  a  natural  deduction  into  an  inference  system.  The  proximity 
to  natural  deduction  then  allows  a  high-level  encoding  of  sequent  derivations  in  LF.  The  resulting 
sequent  calculus  is  basically  Kleene’s  system  Gz  [Kle52]  which  he  introduced  to  obtain  a  simple 
decidability  proof  for  its  propositional  fragment.  We  assume  familiarity  with  natural  deduction. 

We  consider  a  complete  set  of  logical  connectives  and  quantifiers  so  that  we  do  not  miss  any 
important  issues.  Atomic  formulas  p(t\, . . . ,  tn)  for  first-order  terms  ti, . . .,  tn  are  denoted  by  P. 

Formulas  A  ::=  P  \  Ai  A  A2  \  Ai  D  A2  |  Ai  V  A2  |  ~'A  |  T  |  _L  |  \fx.  A  \  3x.  A 

The  notions  of  free  and  bound  variable  are  defined  as  usual.  We  identify  formulas  that  differ  only 
in  the  names  of  their  bound  variables  and  write  [t/x]A  for  capture-avoiding  substitution  of  t  for  x 
in  A.  We  use  A,  B ,  and  C  to  range  over  formulas. 

The  main  judgment  of  natural  deduction  is  derivability  of  a  formula  A,  written  as  F  A,  but 
we  follow  custom  and  mostly  omit  the  turnstile  in  the  presentation.  In  natural  deduction  the 
meaning  of  each  logical  connective  or  quantifier  is  given  by  introduction  and  elimination  rules.  The 
introduction  rule  specifies  how  to  infer  a  formula  with  a  given  principal  connective.  The  elimination 
rule  specifies  how  we  may  use  an  assumption  with  a  given  principal  connective.  During  search  for 
a  natural  deduction  our  goal  is  to  deduce  C  from  hypotheses  Ai, . . . ,  An.  We  may  take  four  kinds 
of  actions. 

1.  We  may  solve  the  goal  immediately  when  a  hypothesis  A,-  is  equal  to  C. 

2.  We  may  use  an  introduction  rule  to  infer  C.  Each  premise  yields  a  new  subgoal. 

3.  We  may  apply  an  elimination  rule  to  a  hypothesis  A,-.  Typically,  this  yields  a  new  subgoal 
with  an  additional  hypothesis. 

4.  We  may  introduce  a  lemma  into  the  derivation. 

We  also  observe  from  the  nature  of  hypothetical  reasoning: 

1.  The  order  in  which  hypotheses  are  assumed  is  irrelevant. 

2.  Hypotheses  may  be  used  arbitrarily  often. 

3.  Hypothesis  need  not  be  used. 
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We  abbreviate  hypotheses  Ai,...,An  by  T.  Since  the  order  of  hypothesis  is  irrelevant  we  write 
p  =  T',A  if  A  occurs  in  T  and  Y1  consists  of  the  remaining  hypotheses.  Note  that  the  same 
hypothesis  may  occur  more  than  once. 

A  sequent  Y  — »  C  is  a  judgment  representing  the  goal  of  deriving  C  from  T.  A  derivation  of 
T  — »  C  represents  a  trace  of  a  particular  successful  search,  although  in  this  paper  we  do  not  show 
the  routine  extraction  of  a  natural  deduction  C  from  a  sequent  derivation.  The  proof  search  actions 
listed  above  give  rise  to  various  inference  rules  for  the  sequent  calculus.  Using  our  obervations  about 
natural  deduction  we  eliminate  all  structural  rules  from  Gentzen’s  system  by  building  them  into 
each  rule.  Intuitively,  weakening  is  incorporated  into  initial  sequents  and  contraction  is  built  into 
each  left  rule.  Exchange  remains  implicit  in  the  notation  I\  A. 


Initial  Sequents.  The  goal  may  be  solved  immediately  when  a  hypothesis  A  matches  the  con¬ 
clusion.  In  sequent  form: 

- / 

r,  a  — »  a 

Introduction  rules  are  used  to  reason  backwards  from  the  conclusion  during  search  for  a  natural 
deduction.  Consequently,  they  apply  to  the  formula  on  the  right-hand  side  of  the  sequent  arrow. 
Dually,  elimination  rules  are  used  to  reason  forward  from  hypotheses  and  thus  apply  to  a  formula 
on  the  left-hand  side  of  the  sequent  arrow.  Therefore,  the  sequent  rules  for  each  connective  can  be 
divided  into  right  and  left  rules.  We  examine  each  of  the  connectives  and  quantifiers,  showing  the 
introduction  and  elimination  and  corresponding  right  and  left  sequent  rules. 


Conjunction.  The  introduction/right  rules  are  straightforward. 


A _ B 

AAB 


Al 


A  R 


For  the  elimination/left  rules  we  have  to  remember  to  keep  the  hypothesis  AAB,  since  hypotheses 
may  be  used  arbitrarily  often  in  a  natural  deduction. 


AAB 

A 


aEl 


r,AAB,A—+C 
r,A  ab  — *  c 


ALi 


aab 

B 


AEr 


y,aab,b  — +  c  r 

— — - al2 

t,aab  —>c 


Implication.  The  premise  of  the  introduction  rule  for  an  implication  Ad  B  is  a  judgment  hy¬ 
pothetical  in  A  labelled  u.  The  hypothesis  is  discharged  at  this  inference  which  we  indicate  by  a 
superscript  on  the  instance  of  the  inference  rule.  In  the  sequent  formulation  on  the  right,  we  add 
A  to  T:  we  have  reduced  the  goal  of  deriving  A  D  B  from  F  to  the  goal  of  deriving  B  from  F  and 
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A. 


—  u 
A 


B 


Ad  B 


Dlu 


t,a—>b 

- dr 

r  — >  A  D  B 


If  we  have  an  implication  A  D  B  as  a  hypothesis  while  deriving  C  we  use  it  by  proving  A  (from  the 
same  hypotheses)  and  then  assuming  B  as  additional  hypothesis  for  proving  C . 


APB  A 
B 


DE 


t,adb 


t,ad  b,b  —*c 


t,adb—+c 


dl 


In  order  to  maintain  the  correspondence  to  natural  deduction  it  is  important  to  copy  the  implica- 
tional  assumption  AD  B  to  both  premises,  even  though  it  is  redundant  in  the  right  premise. 


Disjunction.  There  are  two  introduction  rules  for  disjunction  in  natural  deduction  and  conse¬ 
quently  two  right  rules  for  disjunction  in  the  sequent  calculus. 


A 

AW  B 


VIL 


r  — >  a 
r  — »  aw  B 


WRi 


B 

AW  B 


VIr 


r  — >  b 
r  — *•  AW  B 


WR2 


The  elimination  rule  for  disjunction  explicitly  refers  to  a  conclusion  C  and  is  thus  already  closer 
to  a  sequent  rule. 

—  Ui  —U2 

A  B 

.  .  T,AwB,A  — »  C  T  ,AV  £,£—►£ 

AWB  C  C  T,AwB  >  C 

- VE«i  ,U2 

C 

Negation.  Negation  in  intuitionistic  natural  deduction  is  usually  explained  by  considering  ->A 
as  an  abbreviation  of  A  D  -L.  In  sequent  calculi,  on  the  other  hand,  it  is  modeled  by  an  empty 
right-hand  side.  These  do  not  correspond  so  we  need  to  find  another  formulation  for  negation.  The 
goal  is  to  find  an  introduction  rule  for  —>A  that  does  not  require  another  logical  symbol  (such  as 
_L).  We  use  the  idea  of  a  judgment  parametric  in  a  propositional  variable  p  to  achieve  this.  For 
the  sequent  calculus  this  means  that  p  may  not  occur  in  T  or  A. 

—  u 
A 


P 

- ,P’“ 

->A 
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The  elimination  rule  is  simpler. 


r,-iA  — y  A 

r,-A  — 


—ij L 


It  may  not  be  obvious  at  first,  but  the  introduction  and  elimination  rule  (and  also  the  left  and 
right  rules)  match  up  precisely.  We  will  see  this  in  the  proof  of  cut-elimination. 


Truth.  There  is  only  an  introduction  rule  for  T  in  natural  deduction.  Correspondingly,  we  only 
have  a  right  rule  in  the  sequent  calculus. 

—  TI  - JR 

T  r  — y  T 


Falsehood.  Dually,  there  is  only  an  elimination  and  corresponding  left  rule  for  J_. 


r,-L 


C 


LL 


Universal  Quantification.  Universal  quantification  employs  an  individual  parameter.  In  the 
sequent  calculus,  this  means  that  the  parameter  a  must  be  new,  that  is,  it  may  not  appear  in  T  or 
\f  x .  A 

[a/x]A  T  — y  [ a/x\A 

———VP  - VfP 

Vx.  A  T  — y  Vx.  A 

In  the  elimination  rule  we  substitute  an  arbitrary  term  t  for  a  universally  quantified  variable  x. 
This  substitution  may  need  to  rename  bound  variables  so  that  no  variable  free  in  t  is  captured  by 
a  quantifier  in  A. 

Vx.  A  r,Vx.  A,[t/x]A — yC 

- VE  - VL 

[t/x]A  T,  Vx.  A  — y  C 

In  the  customary  notation  for  this  elimination  and  right  rules,  the  term  t  is  not  uniquely  determined 
if  x  does  not  occur  free  in  A.  In  the  proof  term  calculus  in  Section  3  we  make  sure  that  t  occurs 
explicitly  in  order  to  avoid  potential  ambiguities. 

Existential  Quantification.  The  introduction/right  rules  are  straightforward. 

[t/x]A  T — y[t/x\A_^^ 

31  3  R 

3x.  A  r  — ►  3x.  A 

The  apparent  complexity  of  the  elimination  rule  vanishes  when  viewed  in  the  sequent  calculus. 
Once  again,  a  must  be  a  new  parameter,  that  is,  it  may  not  occur  in  T,  3x.  A,  or  C. 

- u 

[a/x]A 


3  x.A  C 

- 3EQ’U 

C 


T,  3x.  A,  [ a/x]A  — y  C 
r,3x.  A  — 


3La 
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Lemma  Introduction.  Introducing  a  lemma  A  during  the  search  for  a  natural  deduction  cor¬ 
responds  directly  to  the  cut  rule  in  the  sequent  calculus:  in  order  to  derive  C  from  T  we  derive  A 
and  show  that  with  the  additional  hypothesis  A  we  can  derive  C. 


The  theorem  of  cut  elimination  states  that  every  sequent  T  — y  C  that  is  derivable  in  the  system 
with  cut,  can  also  be  derived  in  the  system  without  cut.  An  equivalent,  but  slightly  more  convenient 
way  of  stating  this  is  that  cut  is  admissible  in  the  system  without  cut,  that  is,  whenever  we  can 
derive  the  premisses  of  this  rule  without  using  cut,  we  can  also  derive  the  conclusion  without  using 
cut.  We  concentrate  our  development  on  admissibility  of  cut  and  relegate  cut  elimination  in  the 
sense  of  Gentzen  to  Appendix  B. 

We  summarize  the  rules  for  the  cut-free  calculus  G3.  They  are  sound  and  complete  in  the  usual 
sense,  which  can  easily  be  shown  by  relating  them  to  Gentzen ’s  sequent  calculus  or  to  natural 
deduction  (see  Theorem  2). 


r,  a  — ►  a 


r  — >  a  r  — >  b 
r  — >  aab 


a  R 


t,aab,a—>c 
t,aab  —>c 

t,aab,b  — >c 
T,AAB  — >  c 


Ah 


Ah 


r, A  — ¥  B  T,AdB  — >  A  T,AdB,B  — > c 

_J - dR  — - DL 


r  — ¥  ad  b 


r  ,adb  —>c 


r  — »  a 
r  — yavb 

r  — >  b 
r  — ¥  a  v  B 


■VBi 


vr2 


T,AVB,A—>C  T,A\/B,B  — >  c 
T,AWB  — ¥  C 


WL 


r,  -iA  — ¥  a 
r, -iA  — ¥  c 


—iL 
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r,±— ►c' 


■±L 


T — >[ajx]A  T,  Vx.  A,  [t/x]A — >  C 

-VRa  - : - i - VX 


T  — Vx.  A 


r,Vr.  A  — >•  C 


\t/x]A  T ,3x .  A,[a / x]A — >  C 

■3  R  - - - 3  La 


3x.  A 


r,3z.  A  — >  c 


The  principal  formula  of  an  inference  is  either  the  formula  being  introduced  on  the  left  or  the 
right,  or  the  formula  occurring  on  the  left  and  the  right  in  an  initial  sequent.  All  other  formulas 
are  side  formulas  of  the  last  inference.  These  notions  also  apply  to  individual  formula  occurrences. 

The  system  without  cut  is  easily  seen  to  be  consistent,  since  there  is  no  rule  with  which  one 
could  infer  the  sequent  — >  -L.  In  terms  of  natural  deduction  this  means  that  introducing  a  lemma 
during  search  is  never  necessary:  If  there  is  a  deduction  of  C  from  hypotheses  P  we  can  find  it 
by  using  only  introduction  rules  reasoning  backwards  from  C  and  using  only  elimination  rules 
reasoning  forward  from  the  hypothesis  T.  This  yields  consistency  of  natural  deduction  as  an  easy 
corollary,  since  there  is  no  introduction  rule  for  X. 

Our  formulation  of  the  sequent  calculus  has  the  following  elementary  properties.  It  is  not 
important  for  our  main  development,  but  these  properties  also  hold  for  the  system  with  the  cut 
rule. 

Lemma  1  (Elementary  Properties  of  Sequent  Calculus) 

1.  (Weakening)  IfT  — »  C  then  T,  A  — *•  C. 

2.  (Contraction)  IfT,A,A  — »  C  then  T,A  — >  C. 

3.  (Term  Substitution)  IfT  — >  C  with  free  individual  parameter  a  then  \tja}T  — >  [t/a]C  for 
any  term  t. 

4-  (Formula  Substitution)  IfT  — *■  C  with  free  propositional  parameter  p  then  [A/p]T  — »  [A/p]C 
for  any  formula  A. 

Proof:  All  are  immediate  by  induction  over  the  structure  of  the  derivation  of  the  assumption.  In 
all  cases  the  structure  of  the  derivation  is  not  changed — a  property  made  explicit  in  Lemma  3.  □ 

Now  let  P  —>■  C  stand  for  derivability  in  Gentzen’s  sequent  calculus  LJ  without  cut  (LJ_),  but 
augmented  with  rules  for  truth  and  falsehood.  We  can  easily  translate  between  derivations  in  LJ 
and  G3  by  removing  or  inserting  instances  of  the  structural  rules  in  LJ-.  Empty  right-hand  sides 
as  permitted  in  LJ  present  only  a  small  complication. 
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Theorem  2  (Equivalence  of  G3  and  LJ  ) 

1.  L  — >•  C  iff  T  ^4  C,  and 

2.  T  — >  p  for  a  parameter  p  that  does  not  occur  in  F  iff  F  . 

Proof:  The  proof  in  both  directions  proceeds  by  induction  over  the  structure  of  the  given  deriva¬ 
tion.  We  require  weakening  and  contraction  lemmas  for  G3  (Lemma  1)  to  model  the  structural 
rules  of  weakening  and  contraction  in  LJ.  a 

At  this  point  we  could  define  the  size  of  a  formula  A  as  the  number  of  its  connectives  and 
quantifiers,  the  length  of  a  derivation  as  the  number  of  inference  rules  it  contains,  and  then  prove 
the  admissibility  of  cut  in  the  cut-free  system  by  three  nested  inductions  over  the  size  of  the  cut 
formula  and  the  lengths  of  the  derivations  of  L  — >  A  and  T,  A  — >  C.  However,  such  a  proof  is  not 
well-suited  for  implementation.  The  first  difficulty  is  the  implementation  of  the  sequent  calculus 
itself  and  the  notions  of  multi-set  it  requires.  The  second  difficulty  is  that  most  proof  checkers  or 
theorem  provers  use  structural  induction  more  effectively  than  proofs  with  termination  measures. 
We  will  return  to  both  points  in  the  next  section. 


3  Proof  Terms  for  the  Sequent  Calculus 


The  sequent  rules  as  given  so  far  do  not  preserve  all  the  information  present  in  a  natural  deduction. 
For  example,  the  two  different  natural  deductions  of  A  D  ( A  D  A)  below  are  mapped  to  same  sequent 
derivation. 


—  u 
A 

- Dlw 

AD  A 

- DP 

Ad  (Ad  A) 


—  w 
A 

- DP 

ad  A 

- DP 

Ad  (Ad  A) 


- 1 

A,  A  — >  A 

- DR 

A  — >  AD  A 

- dr 

-4  ad  (Ad  a) 


In  the  sequent  notation  we  cannot  tell  which  of  the  two  identical  hypotheses  was  used  in  the  initial 
sequent.  If  we  are  only  interested  in  derivability  (or  truth),  then  this  is  tolerable.  However,  if 
we  are  interested  in  the  structure  of  derivations  such  ambiguities  should  be  resolved.  Clearly,  for 
many  applications  in  computer  science  and,  of  course,  also  for  the  proof  of  cut  elimination  the 
structure  of  derivations  is  of  central  importance.  We  therefore  endow  sequent  derivations  with 
proof  terms  that  resolve  this  kind  of  ambiguity.  This  is  also  an  important  intermediate  step  toward 
the  representation  of  the  rules  in  LF. 

There  are  at  least  three  distinct  roles  that  proof  terms  may  play  for  a  sequent  calculus,  an 
issue  recognized  by  Gallier  [Gal93]  and  Breazu-Tannen  et  al.  [BTKP93].  The  most  immediate 
perhaps  is  to  annotate  sequent  derivations  with  A-terms  that  represent  the  natural  deductions  they 
correspond  to.  The  second  is  to  think  of  proof  terms  as  expressions  in  a  programming  language 
and  view  a  sequent  derivation  as  a  typing  derivation.  The  third  is  to  view  proof  terms  as  a  compact 
notation  for  sequent  derivations  from  which  they  may  essentially  be  reconstructed.  This  view  is 
particularly  useful  for  our  endeavor,  since  the  representation  in  a  logical  framework  should  also 
have  this  property. 


3  PROOF  TERMS  FOR  THE  SEQUENT  CALCULUS 
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The  first  step  is  to  label  hypotheses.  The  second  is  to  record  a  proof  term  d  on  the  right  of  the 
sequent  arrow.  A  sequent  then  has  the  form  T  — y  d  :  A  where  T  has  the  form  h\:A\, . . . ,  hn:An. 
We  assume  that  all  hypothesis  labels  in  a  context  are  distinct.  In  order  to  avoid  confusion  with 
similar,  but  subtly  different  proof  term  notations  in  the  literature,  we  systematically  introduce 
precisely  one  new  proof  term  constructor  for  each  inference  rule  of  the  sequent  calculus  and  give 
each  a  descriptive  name.  Rules  that  introduce  parameters  or  hypotheses  bind  variables  at  the  level 
of  proof  terms — a  phenomenon  which  should  be  familiar  from  the  Curry-Howard  isomorphism. 
The  idea  of  higher-order  abstract  syntax  (here  applied  to  a  syntax  for  proof  terms)  is  to  reduce 
all  binding  operators  to  one,  namely  A.  This  makes  it  immediately  syntactically  apparent  which 
variables  are  bound  and  where.  We  also  indicate  the  “type”  of  bound  variables:  they  may  bind 
individuals  ( x:i ),  formulas  (p:o)  or  hypotheses  (h:A). 


T,  h:A  — y  axiom  h  :  A 


e?i  :  A  T  — y  d2  :  B 
— y  andr  did2:  A  AB 


A  R 


r,  h:A  A  B,  hi’.A  — y  d  :  C 
T,  h:A  A  B  — *  andli  (Xh^.A.  d)h:C 

r,  h:A  A  B,  h2:B  — y  d  :  C 
T,  h:A  A  B  — y  andl2  (Xh2:B.  d)h:C 


-  ALi 


A  L2 


T,  h:A  — y  d  :  B 


T  — y  impr  (A  h:A.  d)  :  Ad  B 


DR 


T,  h:A  D  B  — y  di  :  A  T,h:Ap  B,h2:B  d2  :  C 
T,  h:A  D  B  — y  impl  dx  (A h2:B.  d2)h:C 


DL 


d  :  A 


T  — y  orrf  d  :  A  V  B 

T  — y  d  :  B 
F  — y  orr^  d  :  A  V  B 


VRi 


T,  h:A  V  £?,  hi:A  — )■  dx  :  C  T,  h:A  V  B,  h2:B  —+d2:C 
F,  h:A  V  B  — y  orl  {Xh\\A.  d\)  {Xh2:B.  d2)  h  :  C 


VL 


-  Vi?2 


T,  h:A  — y  d  :  p 


notr  (A p:o.  A h:A.  d)  :  ->A 


T,  h:^A  — yd:  A 
T,  h:~>A  — y  notlc  dh:C 


r 


truer  :  T 


T  R 


LI 


T,  h:L  — y  falsel^  h  :  C 
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d  :  [ a/x\A 


forallr  (A a:i.  d )  :  V®.  A 


■VRa 


T,  h-Nx.  A,  hi-.it/xjA  —>d:C 
T,  h-Mx.  A  — ►  foralllt  (A/q:[t/x]A.  d)h:C 


-Vi 


d  :  \t/x]A 


r 


existsr  td  :  3 x.  A 


■3  R 


T,  h:3x.  A,  h\:[a/x]A  — >  d  :  C 
T,  h:3x.  A  — >■  existsl  (A  a:i.  \hi:[a/ x]A.  d)h  :C 


■3  La 


Cut  is  not  included  as  a  primitive  rule  of  inference,  but  its  proof  term  (see  Appendix  B.l)  would 
once  again  only  reflect  the  structure  of  the  derivation. 

T — >  d  :  A  T,  h:A — >e:C 

- Cut 

T  — >  cut  d  (A h:A.  e)  :  C 

Erasure  of  the  proof  terms  from  a  sequent  derivation  in  this  calculus  yields  derivations  from 
the  rules  given  in  the  previous  section.  The  proofs  of  the  following  properties  are  all  immediate 
structural  inductions.  For  typographical  reasons  we  often  write  V  ::  ( J )  if  V  is  a  derivation  of 
judgment  J.  The  notion  of  substitution  into  a  derivation  should  be  self-explanatory,  perhaps  with 
the  exception  of  [h1/h2]V,  where  hx:A  and  h2:A  are  hypotheses.  Here  we  mean  the  result  of  erasing 
hypothesis  h2  on  the  left-hand  side  of  every  sequent  occurring  in  V  and  substituting  hi  in  every 
place  where  h2  occurs  on  the  right-hand  side  of  a  sequent.  This  may  require  renaming  some  locally 
bound  hypotheses  to  avoid  capture  of  h\.  We  write  (V,h:A)  for  the  result  of  adding  hypothesis 
h'.A  to  every  sequent  in  X*,  possibly  renaming  parameters  introduced  in  V  so  as  not  to  conflict  with 
parameters  in  A. 

Lemma  3  (Basic  Properties  of  Sequent  Calculus  with  Proof  Terms)  The  intuitionistic  se¬ 
quent  calculus  with  proof  terms  satisfies  the  following  properties. 

1.  (Weakening)  IfV  ::  (r  — >  d  :  C)  then  (£>,  h:A)  ::  (I\  h:A  — ¥  d  :  C )  where  h  is  a  new  label. 

2.  (Contraction  or  Hypothesis  Substitution)  IfV  ::  (T ,  hp.A,  h2'A  — >  d  :  C )  then  [hi/h2]V  .. 

(r,  h\:A — >  [hi/h2]d  :  C). 

3.  (Term  Substitution)  IfV  ::  (r  — >  d  :  C )  is  a  derivation  with  free  individual  parameter  a  then 
[t/a]V  ::  ([t/a]T  — ►  [t/a]d  :  [t/a]C). 

4.  (Formula  Substitution)  If  V  ::  (F  — >  d  :  C)  is  a  derivation  with  free  formula  parameter  p 
then  [A/p]V  ::  {[A/p}Y  — >  [A/p]d  :  [. A/p]C ). 

5.  (Uniqueness)  If  V  ::  (T  — >  d  :  C)  and  V  ::  (T  — >  d  :  C )  then  V  =  V  and  C  —  C  (modulo 
variable  renaming). 

4  Representing  Sequent  Derivations  in  LF 

In  this  section  we  briefly  summarize  the  representation  of  formulas  in  LF  using  the  idea  of  higher- 
order  abstract  syntax  and  show  how  the  proof  terms  of  the  previous  section  can  be  converted  to 
an  adequate  encoding  of  the  sequent  calculus.  Readers  interested  primarily  in  the  proof  of  cut 
elimination  itself  may  safely  skip  this  section. 


4  REPRESENTING  SEQUENT  DERIVATIONS  IN  LF 
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For  the  sake  of  brevity  we  show  the  actual  code  in  Elf  [Pfe91],  an  implementation  of  LF  which 
permits  type  declarations  with  implicit  quantifiers.  Elf  also  gives  an  operational  interpretation  to 
signatures  as  logic  programs  which  will  be  of  interest  later  in  the  implementation  of  cut  elimination. 
First,  the  representation  of  formulas.  The  obvious  representation  function  r-'1  is  a  compositional 
bijection  between  canonical  (=  long  firf)  LF  objects  of  type  o  (in  an  appropriate  context)  and 
formulas  (see  [HHP93]).  An  important  characteristic  of  this  encoding  (and  the  others  we  give 
below)  is  that  variables  of  the  object  language  are  mapped  to  variables  of  the  meta-language. 
Consequently,  variables  that  are  bound  in  the  object  language  must  be  bound  with  corresponding 
scope  in  the  meta-language. 

i  :  type.  */,  individuals 
o  :  type.  7,  formulas 

and  :  o  ->  o  ->  o. 

imp  :  o  ->  o  ->  o. 

or  :  o  ->  o  ->  o. 

not  :  o  ->  o. 

As  an  example,  consider  the  formula 

(Van  (Ax  D  B ))  D  ((3r.  Ax)  D  B ). 

Here,  A  and  B  are  meta-variables,  and  Ax  indicates  that  A  may  contain  free  occurrences  of  x  while 
B  may  not.  In  the  LF  meta-language,  this  is  implemented  by  an  explicit  abstraction.  Using  infix 
notation  (which  is  supported  in  Elf)  the  formula  above  is  represented  by 

((forall  [x:i]  (A  x  imp  B))  imp  ((exists  [x:i]  A  x)  imp  B) . 

in  a  context  with  A:i  ->  o  and  B:o.  The  concrete  syntax  [x:U]  M  stands  for  Xx:U.  M  in  the 
logical  framework. 

Before  giving  the  signature  for  the  sequent  calculus  we  state  the  adequacy  theorem  since  it  is  a 
useful  guide  in  interpreting  the  declarations.  We  use  H'F  for  derivability  in  LF  under  the  signature 
consisting  of  the  declarations  yet  to  come.  Assume  we  have  a  derivation 

V 

h\ .  Ay , . . . ,  h»n . An  y  d  .  CJ 

with  free  individual  parameters  among  aj, . . . ,  and  propositional  parameters  among  pi, . . . , pm- 
Its  representation  rV~i  is  a  canonical  object  M  such  that 

ax:i, . .  .,afc:i,pi:o, . .  .pm:o,  fei:hyprAi"1, . . .,  hn:hyprAn~'  M  :  concrC"', 

where  hyp  and  cone  are  type  families  indexed  by  formulas.  We  call  the  representation  adequate  if 
r-"1  is  a  bijection  between  cut-free  sequent  derivations  and  such  well- typed  canonical  objects  and  if 
it  is  also  compositional  in  sense  that 

r[t/a]V^  =  [' -r/a]rV V 
r[C/p]V-  =  [rcn/p]r2>'1)  and 
r[hi/h2]V^  =  [h1/h2YV'. 


true  :  o . 

false  :  o. 

forall  :  (i  ->  o)  ->  o. 

exists  :  (i  ->  o)  ->  o. 
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STRUCTURAL  CUT  ELIMINATION 


One  observes  a  strong  similarity  between  the  proof  terms  d  and  the  representing  LF  objects  M.  In 
transcribing  the  proof  terms  into  LF,  we  mainly  have  to  take  care  to  distinguish  between  hypotheses 
and  conclusions  via  the  type  families  hyp  and  cone.  We  do  not  give  an  explicit  definition  of  T 
the  declarations  below  and  their  correspondence  to  proof  terms  are  suggestive  so  that  the  diligent 
reader  should  be  able  to  write  it  out  without  any  problems.  Note  that  '/,  begins  a  comment  that 
extends  to  the  end  of  the  line,  that  {x:U}V  is  Elf’s  concrete  syntax  for  II x:U.V,  and  that  [x:U]M 
stands  for  A x:U.  M.  Most  II-quantifiers  are  left  implicit  and  are  reconstructed  by  Elf’s  front  end 
in  proper  dependency  order  and  with  their  most  general  types. 

hyp  :  o  ->  type.  '/.  Hypotheses  (left) 
cone  :  o  ->  type.  '/.  Conclusion  (right) 


axiom  :  (hyp  A  ->  cone  A) . 

andr  :  cone  A 

->  cone  B 

->  cone  (A  and  B) . 

impr  :  (hyp  A  ->  cone  B) 

->  cone  (A  imp  B) . 


orrl  :  cone  A 

->  cone  (A  or  B) . 

orr2  :  cone  B 

->  cone  (A  or  B) . 

notr  :  ({p:o>  hyp  A  ->  cone  p) 
->  cone  (not  A) . 

truer  :  cone  (true). 


forallr  :  ({a:i>  cone  (A  a)) 

->  cone  (f orall  A) . 

existsr  :  {T:i>  cone  (A  T) 

->  cone  (exists  A) . 


andll  :  (hyp  A  ->  cone  C) 

->  (hyp  (A  and  B)  ->  cone  C) . 

andl2  :  (hyp  B  ->  cone  C) 

->  (hyp  (A  and  B)  ->  cone  C) . 

impl  :  cone  A 

->  (hyp  B  ->  cone  C) 

->  (hyp  (A  imp  B)  ->  cone  C). 


orl  :  (hyp  A  ->  cone  C) 

->  (hyp  B  ->  cone  C) 

->  (hyp  (A  or  B)  ->  cone  C) . 


notl  :  cone  A 

->  (hyp  (not  A)  ->  cone  C). 


falsel  :  (hyp  (false)  ->  cone  C) . 

foralll  :  {Tri}  (hyp  (A  T)  ->  cone  C) 

->  (hyp  (f orall  A)  ->  cone  C) . 

existsl  :  ({a:i}  hyp  (A  a)  ->  cone  C) 

->  (hyp  (exists  A)  ->  cone  C) . 


The  encoding  satisfies  the  representation  theorem  as  outlined  above.  It  circumvents  many  of 
the  problems  that  ordinarily  arise  in  representations  of  the  sequent  calculus.  Multi-sets  are  avoided, 
since  hypotheses  on  the  left-hand  side  of  the  sequent  arrow  are  transported  into  the  LF  context. 
Variable  naming  conditions  are  encoded  through  the  usual  functional  representation  of  parametric 
judgments. 

Theorem  4  (Adequacy  of  Sequent  Representation)  The  representation  of  sequent  deriva¬ 
tions  in  LF  is  adequate. 


5  ADMISSIBILITY  OF  CUT 


13 


Proof:  By  inductions  over  the  structure  of  sequent  derivations  and  canonical  forms  in  LF.  The 
proof  requires  Lemma  3.  n 


Since  the  representation  is  adequate,  checking  the  validity  of  sequent  derivations  can  be  ac¬ 
complished  by  type-checking  their  representations  in  LF.  As  an  example,  consider  the  following 
cut-free  sequent  derivation. 


(Vx.  (Ax  3  B)),(Bx.  Ax),Aa ,  ( Aa  3  B)  — >  Aa  (Vs.  (Ax  3  B)),  (3a;.  Ax),  Aa,  ( Aa  3  B),  B  — >  B 


(Vx.  (Ax  3  B)),  (3x.  Ax),  Aa,  (Aa  3  B)  — ^  B 


3  L 


(Vx.  (Ax  3  B)),  (3x.  .Ax),  Aa  — >  B 
(Vx.  (Ax  3  B)),( 3x.  Ax)  — >  B 
(Vx.  (Ax  3  B))  — ^  ((3x.  Ax)  3  B ) 


ML 


3  La 
3  R 


((Vx.  (Ax  3  B))  3  ((3x.  Ax)  3  B)) 


■DR 


Its  representation  in  Elf  is  the  following  term. 
[A:i  ->  o]  [B:o] 


(impr  [hl:hyp  (forall  [x:i]  A  x  imp  B)] 

(impr  [h2 : hyp  (exists  [x:i]  A  x)] 

(existsl  (  [a : i]  [h3:hyp  (A  a)] 

foralll  a  (Ch4:hyp  (A  a  imp  B)] 
impl  (axiom  h.3) 

([h5:hyp  B]  axiom  h5) 
h4) 
hi) 

h2) ) ) 

Note  that  the  values  of  variables  that  were  implicitly  quantified  in  the  constant  declarations  are 
not  explicitly  supplied  here,  but  reconstructed  by  Elf’s  front  end. 


5  Admissibility  of  Cut 

The  proof  of  cut  elimination  uses  one  principal  lemma:  the  admissibility  of  cut  in  the  cut-free 
system.  From  this,  cut  elimination  follows  by  a  simple  structural  induction  (see  Appendix  B). 

Theorem  5  (Admissibility  of  Cut)  Let  V  ::  (r  — >  d  :  A)  and  £  ::  (T,h:A  — >  e  :  C)  be 
cut-free  sequent  derivations.  Then  there  exists  a  proof  term  f  and  a  cut-free  sequent  derivation 
Tv.  (r  —Af:C). 

Proof:  The  proof  proceeds  by  three  nested  structural  inductions  on  A,  d ,  and  e.  In  other  words, 
we  may  use  the  induction  hypothesis  for  (immediate)  subformulas  of  A  and  arbitrary  d  and  e,  or 
for  A,  a  subterm  of  d  and  arbitrary  e,  and  for  A,  d,  and  a  subterm  of  e.  We  distinguish  cases 
for  V  and  £,  which  is  the  same  as  distinguishing  cases  for  the  proof  terms  d  and  e,  since  they 
determine  the  derivation  (Lemma  3(5)).  The  proof  is  constructive  so  that  it  describes  an  algorithm 
that  computes  a  derivation  T  given  the  derivations  V  and  £. 
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The  cases  can  be  divided  into  four  categories:  (1)  Either  V  or  £  is  initial  with  A  as  its  principal 
formula,  (2)  A  is  the  principal  formula  of  the  last  inference  in  both  D  and  5,  (3)  A  is  a  side  formula 
of  the  last  inference  in  V,  and  (4)  A  is  a  side  formula  of  the  last  inference  in  £.  These  classes  are 
not  mutually  exclusive,  so  the  algorithm  induced  by  our  proof  is  non-deterministic.  We  capture 
this  non-determinism  as  a  relation  between  rAn,  rV~ r£n,  and  r^rn,  which  is  implemented  by  a 
type  family 

ca  :  {A:o>  cone  A  ->  (hyp  A  ->  cone  C)  ->  cone  C  ->  type. 

Note  that  r£n  may  use  the  hypothesis  A  in  addition  to  the  ambient  hypotheses  T  which  are  implicit. 
We  show  how  each  case  in  the  proof  contributes  a  declaration  to  ce.  First,  the  two  cases  where 
either  V  or  £  is  an  initial  sequent  with  principal  formula  A. 


Case: 


V  =  T',  H:A  — +  axiom  H  :  A 


and  £  ::  ( T',H:A,h:A  — >  e 
f  =  [H/h]e  and 


:  C)  is  arbitrary.  Here  T  =  T’,H:A  and  d  —  axiom  H. 
[H/h}£ 

T  =  T',  H:A  — >  [H/h]e  :  C  . 


Then  we  let 


The  substitution  of  H  for  h  in  £  is  represented  by  applying  the  function  that  represents  £  to  the 
representation  of  H.  This  gives  the  correct  representation  of  the  result  by  compositionality  of  r-n 
and  Lemma  3(2). 


ca_axiom_l  :  ca  A  (axiom  H)  E  (EH). 


Case: 

- 1 

L  —  T,  h:A  — >  axiom  h  :  A 

and  V  ::  (T  — >  d:  A)  is  arbitrary.  Then  we  let  f  =  d  and  T  -  V.  The  representation  of  this  case 
is  immediate. 

ca_axiom_r  :  ca  A  D  ([h:hyp  A]  axiom  h)  D. 

Next  we  consider  a  case  where  the  cut  formula  A  is  the  principal  formula  of  the  last  inference 
in  both  V  and  £. 


Case: 


V  = 


V2 

T,  h\'.A\  — >  d2  ■  A2 

— — - DR 

T  — >  impr  (Xhi'.Ai.  d2)  :  Ai  D  A2 


and 


£x 


£2 


£  _  T,  h:A\  D  A2 — >  ei  :  Ai  T,h:Ai  D  A2,  h2:A2 — >e2:C 


DL. 


T,h:Ai  D  A2 


impl  e\  (Xh2:A2.  e2)h  :  C 


5  ADMISSIBILITY  OF  CUT 
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Here  d  =  impr  (Xhx:Ax.  d2)  and  e  =  impl  ex  (A h2:A2.  e2)  h.  In  this  case  we  first  need  to  eliminate 
the  remaining  copies  of  Ax  D  A2  from  the  hypotheses  of  £x  and  £2-  To  this  end  we  apply  the 
induction  hypothesis  with  all  of  T>  and  the  subderivation  Sx  to  obtain  an  e[  and  £[  such  that 

£[  ::  (r  — ¥  e'x  :  Ax)  By  i.h.  on  Ax  D  A2,  d,  and  ex 

Similarly,  we  would  like  to  eliminate  the  hypothesis  h  from  £2,  but  £2  has  an  additional  hypothesis 

fi2.  Thus  we  must  first  weaken  V  to  ( V,h2‘.A2 )  ::  (T,  h2'.A2  — >  d  :  AXD  A2).  By  Lemma  3(1),  this 

does  not  change  the  proof  term  d.  We  can  thus  apply  the  induction  hypothesis  and  obtain 

£'2  ::  (r,  h2:A2  — ¥  e'2  :  C)  By  i.h.  on  Ax  D  A2,  d,  and  e2 

Now  that  we  have  eliminated  the  additional  copies  of  Ax  D  A2  we  can  apply  the  ordinary  step  of 
reducing  the  cut  to  two  new  cuts,  but  both  on  smaller  formulas  ( Ax  and  A2).  Note  that  the  proof 
terms  ex,  e'2,  and  d'2  involved  in  these  cuts  may  be  much  bigger,  since  they  are  the  result  of  earlier 
appeals  to  the  induction  hypothesis. 

V2  ::  (r  — ¥  d’2  :  A2)  By  i.h.  on  Ax,  e'x,  and  d2 

T  (r  — >  f  :C)  By  i.h.  on  A2,  d'2,  and  e'2 

In  the  Elf  representation,  each  of  the  four  appeals  to  the  induction  hypothesis  are  implemented 
as  recursive  calls  to  ca.  We  use  A  <-  B  for  B  ->  A  to  emphasize  the  operational  reading  of  this 
declaration  as  part  of  a  logic  program  in  Elf  to  perform  cut  elimination.  The  backwards  arrow 
associates  to  the  left. 

ca_imp  :  ca  (A1  imp  A2)  (impr  D2) 

([h:hyp  (A1  imp  A2)]  impl  (El  h)  (E2  h)  h)  F 
<-  ca  (A1  imp  A2)  (impr  D2)  El  El’ 

<-  ({h2:hyp  A2> 

ca  (A1  imp  A2)  (impr  D2) 

( [h : hyp  (A1  imp  A2)]  E2  h  h2)  (E2’  h2)) 

<-  ca  A1  El 5  D2  D2’ 

<-  ca  A2  D2’  E2’  F. 

The  weakening  we  mentioned  above  is  implemented  by  the  weakening  which  holds  for  LF:  in  the 
second  subgoal,  D2  slips  inside  the  scope  of  h2,  but  it  may  not  actually  depend  on  it. 

Next  we  show  a  case  where  the  cut  formula  A  is  a  side  formula  of  the  last  inference  in  £.  The 
idea  in  all  cases  where  the  cut  formula  is  a  side  formula  of  the  last  inference  R  is  the  same:  we  appeal 
to  the  induction  hypothesis  on  the  premise(s)  and  then  apply  R  to  the  resulting  derivation  (s) . 

Case: 

£1 

c  _  r',  H:BX  A  B2,  hx:Bx,  h:A  — >  ex  :  C 

c  ~  - - - - - All 

D,  H:BX  A  £2,  h:A  — >  andU  (Xhx:Bx.  ex)H:C 

and  V  ::  (T',  H:BX  A  B2  — >  d  :  A)  is  arbitrary.  In  this  case,  T  =  T',H:BX  A  B2  and  e  = 
andh  (Xhx:Bx.  ex)  H.  After  weakening  V  (without  changing  the  proof  term  d\)  we  “cut”  (X>,  hx:Bx) 
and  Ex  to  obtain 
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£[  ::  (T',  H'BX  A  B2 ,  — >  ej  :  C)  By  i.h.  on  A,  d,  a 

We  now  obtain  T  by  applying  the  AZ-i  to  £[. 


Pi 

T_  T',H:B1AB2,h1:B1^e'1:C 

— -  — —  ALi 

Ti,H:B1AB2  — 4andl1(A/i1:Bi.e,1)H:C 

Note  how  explicit  abstractions  and  applications  are  employed  to  represent  scoping  of  hypotheses 
in  the  Elf  implementation  of  this  case. 

car.andll:  ca  A  D  ([h:hyp  A]  andll  (El  h)  H)  (andll  El’  H) 

<-  ({hl:hyp  Bl}  ca  A  D  ([h:hyp  A]  El  h  hi)  (El5  hi)). 

All  the  remaining  cases  (there  are  35  altogether)  follow  similar  patterns.  They  are  given  in  a 
more  compact  form  in  Appendix  A.l.  They  require  the  usual  substitution  of  terms  for  individual 
parameters  in  the  cases  for  quantifiers,  and  formulas  for  propositional  parameters  in  the  case  of 
negation.  In  the  quantifier  case  we  need  that  [f/ x]A  is  a  subformula  of  Vx.  A,  which  can  be  justified 
by  an  appropriate  structural  induction  principle  for  first-order  formulas.  E 

What  does  the  proof  representation  we  show  above  achieve?  First  of  all,  it  is  operationally 
adequate,  that  is,  it  provides  an  implementation  of  an  algorithm  that  eliminates  cuts  from  sequent 
derivations.  Execution  of  the  signature  above  as  an  Elf  program  is  illustrated  through  an  example 
below.  Furthermore,  the  implementation  describes  not  just  any  admissibility  proof  of  cut,  but 
captures  the  computational  content  of  the  particular,  informal  constructive  proof  we  presented. 
Clearly,  this  must  remain  an  informal  statement,  since  our  “constructive  proof”  is  not  a  formal, 
mathematical  object.  Our  implementation  is  partially  verified  by  the  type  checker  which  ensures 
correctness  of  the  result  of  applying  cut  to  the  two  given  derivations.  Here  the  dependent  types 
play  a  critical  role  in  guaranteeing  the  validity  of  all  sequent  derivations  in  the  signature  statically, 
which  is  the  subject  of  the  adequacy  theorem  (Theorem  4).  On  the  other  hand,  due  to  the  absence 
of  induction  principles  in  LF,  parts  of  the  informal  argument  are  not  formally  verified  through  the 
type  checker.  They  require  an  additional  argument  external  to  LF  which  is  possible  to  carry  out 
by  hand,  but  exceedingly  tedious.  Automation  of  this  external  check  is  the  subject  of  ongoing 
research. 

Even  if  an  external  checker  would  verify  that  the  signature  represented  a  proof  of  admissibility 
of  cut,  there  would  still  remain  the  issue  if  such  a  check  can  always  be  trusted  (there  may  be  bugs 
in  the  implementation,  for  example).  Thus  we  believe  that  it  is  important  that  we  should  be  able 
to  recover  informal,  mathematical  proofs  from  their  formalization  in  a  framework,  that  is,  a  proof 
checker  should  be  able  to  “explain  itself”.  For  this  particular  case  study  we  have  implemented  a 
program  that  translates  the  Elf  signature  into  the  critical  parts  of  the  informal  argument,  namely 
the  sequences  of  appeals  to  the  induction  hypotheses  in  each  case  of  the  admissibility  proof.  We 
then  inspected  each  of  the  35  cases  in  the  same  way  we  would  judge  a  proof  in  a  paper  submitted 
to  a  journal  and  verified  the  correctness  of  the  implementation  of  the  proof  in  Elf.  The  complete 
implementation  and  the  informal  presentation  of  each  case  are  given  in  full  detail  in  Appendix  A.l. 
It  remains  to  convince  oneself  that  all  cases  are  covered,  which  is  not  difficult  since  they  are 
enumerated  systematically. 


5  ADMISSIBILITY  OF  CUT 
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In  the  remainder  of  this  section,  we  illustrate  how  Elf  can  be  used  to  execute  the  (constructive) 
proof  of  the  admissibility  theorem  for  cut.  The  first  derivation  (called  V  in  the  statement  of  the 
theorem)  is 


(3a:.  ( Ax  V  Bx)),  ( Aa  V  Ba),Aa  — 4  Aa 

- - — -  3  R 

(3x.  (Ax  V  Bz)),(Aa  V  Ba),Aa  — 4  (3x.  Ax) 


-Vi?i 


(3x.  (Ax  V  Bi)),Ua  V  Ba),Ba  — 4  Ba 

- - 3  R 

(3a:.  (Aa:  V  Bx)),  (Aa  V  Ba),Ba  — 4  (3a:.  Bx) 


(3x.  (Ax  V  Bx)),(Aa  V  Ba),  Aa  —4  ((3a:.  Ax)  V  (3a:.  Bx))  (3a:.  (Aa:  V  Bx)),(Aa  V  Ba),Ba  —4  ((3a:.  Aa:)  V  (3a:.  Bx)) 


(3x.  (Ax  V  Ba:)),  (Aa  V  Ba)  — 4  ((3a:.  Aa:)  V  (3a:.  Ba:)) 
(3a:.  (Aa:  V  Ba:))  — 4  ((3a:.  Aa:)  V  (3a;.  Bx)) 


-VR.2 

VL 


3  La 


which  is  represented  by 

[A:i  ->  o]  [B:i  ->  o] 

[hl:hyp  (exists  [x:i]  (A  x  or  B  x))] 


(existsl 


hi) 


([a:i]  [h2:hyp  (A  a  or  B  a)] 

(orl  ( [h3 : hyp  (A  a)]  orrl  (existsr  a  (axiom  h3))) 
( [h4 : hyp  (B  a)]  orr2  (existsr  a  (axiom  h4))) 


h2) ) 


The  second  derivation  (slightly  more  general  than  what  we  need)  is 


(A'  V  B'),A'  — 4  A' 
(A'VB'),A'  —4  (B'v  A') 


-VR2 


(A'  v  B') 


- / 

(A'  V  B'),B'  —4  B' 

- : - VB, 

(A'  V  B'),  B'  —4  (B'V  A') 

- VL 

(B'V  A') 


which  is  represented  by 

[A  ’  :  o]  [B  ’  :  o] 

[h:hyp  (A’  or  B’)] 

(orl  ( [b.2 : hyp  A’]  orr2  (axiom  h2)) 

(Ch3:hyp  B’]  orrl  (axiom  h3)) 
h) 

In  this  second  derivation  we  instantiate  the  meta-variables  A'  and  B'  to  3x.  Ax  and  3x.  Bx, 
respectively.  To  obtain  a  cut-free  derivation  of  3x.  {Ax  V  Bx)  — >  (3x.  Bx)  V  (3x.  Ax)  we  then 
pose  the  following  query. 

?-  {A:i  ->  o>  {B:i  ->  o> 

{hl:hyp  (exists  [x:i]  (A  x  or  B  x))> 
ca  ((exists  [x:i]  A  x)  or  (exists  [x:i]  B  x)) 

(existsl  ([a:i]  [h2:hyp  (A  a  or  B  a)] 
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(orl  ([h3:hyp  (A  a)]  orrl  (existsr  a  (axiom  h3))) 

([h4:hyp  (B  a)]  orr2  (existsr  a  (axiom  h4))) 
h2)) 
hi) 

( [h : hyp  ((exists  [x:i]  A  x)  or  (exists  [x:i]  B  x))] 

(orl  ( [h2 : hyp  (exists  [x:i]  A  x)]  orr2  (axiom  h2)) 

( [h3 : hyp  (exists  [x:i]  B  x)]  orrl  (axiom  h3)) 
h)) 

(FAB  hi). 

The  only  free  variable  in  this  query  is  F  which  may  depend  on  A,  B,  and  the  hypothesis  hi.  The 
first  (and  in  this  case  only)  answer  we  obtain  is  the  substitution 


F  = 


[A: i  ->  o]  [B : i  ->  o]  [hl:hyp  (exists  [x:i]  A  x  or  B  x)] 
existsl 

( [a : i]  [h:hyp  (A  a  or  B  a)] 

orl  ([hll:hyp  (A  a)]  orr2  (existsr  a  (axiom  hll))) 

([h2:hyp  (B  a)]  orrl  (existsr  a  (axiom  h2)))  h)  hi. 

which  represents  the  expected  derivation 

- - - -i 

(3:r.  (Ax  V  Ba;)),  ( Aa  V  Ba),Aa  — )■  Aa 

(3x.  (Ax  V  Bx)),(Aa  V  Ba),Aa  — ¥  (3a;.  Ax) 


-3  R 


-VR2 


(3r.  (Ax  V  Bx)),  (Aa  V  Ba),Ba  — >  Ba 
(3x.  (Ax  V  Bx)),  (Aa  V  Ba),Ba  — >•  (3a;.  Bx) 


-3  R 


(3r.  (Ax  V  Bx)),(Aa  V  Ba),  Aa  — >  ((3x.  Bx)  V  (3a;.  Ac))  (3x.  (Ax  V  Bx)),(Aa  V  Ba),Ba  —>  ((3x.  Bx)  V  (3x.  Ax)) 


(3a;.  (Ax  v  Bx)),  (Aa  V  Ba)  — >•  ((3a;.  Bx)  V  (3a;.  Ax)) 
(3a;.  (Ax  V  Ba;))  — ►  ((3a;.  Bx)  V  (3a;.  Ax)) 


vRi 

VL 


3  La 


6  Extension  to  Classical  Logic 

In  natural  deduction  we  obtain  classical  logic  by  adding  another  inference  rule  that  breaks  the 
symmetry  of  introduction  and  elimination  rules.  This  rule  might  be  excluded  middle,  indirect 
proof,  or  double  negation  elimination.  In  sequent  calculus,  classical  logic  is  usually  handled  by 
allowing  multiple  conclusions,  that  is,  a  sequent  has  the  form  T  — >  A,  where  both  F  and  A  are 
lists  (or  multi-sets)  of  formulas.  This  exhibits  deep  symmetries  in  classical  logic  which  are  not  so 
obvious  in  natural  deduction  form.  The  duality  between  left  and  right  rules  is  now  perfect,  as  is  the 
duality  of  conjunction  and  disjunction,  truth  and  falsehood,  universal  and  existential  quantification, 
and  the  self-duality  of  negation.  Unfortunately,  the  gap  between  natural  deduction  and  sequent 
calculus  has  become  wider,  so  our  rules  are  motivated  by  an  extension  of  the  intuitionistic  case  to 
multiple  conclusions,  rather  than  directly  from  natural  deduction.  For  the  proof  of  cut  elimination 
and  our  representation  it  is  important  that  Gentzen’s  structural  rules  remain  implicit:  The  principal 
formula  of  an  inference  must  always  be  copied  to  all  premises  along  with  all  side  formulas. 
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A,  A  A  B,  A  r — >B,AaB,A 

r  — »  aab,a 


A  R 


T,AAB,A  — >  A 
T,AAB  — »  A 

Y,AAB,B  — >  A 
T,A  AS  — *■  A 


A  L\ 


AL2 


T,A—+B,AdB,A 


DR 


Y,AdB — >  A,  A  T,AdB,B 

T,AdB-^A 


dl 


T  — »  A,AVB,A 
T  — »  AW  B,  A 

r  — *  B,  A  V  J3,  A 
r  — >  AVB,A 


Vi?2 


r,Av5,i-4A  r,Av£,B 
r,AvB  — »  A 


-vL 


r,A—>^A,A 

r  — >  -1  a,  a 


r,-iA  — *•  A,  A 

T,  -‘A  — >  A 


T,  A 


■T  R 


r,± 


■LL 


T  — >  [ a/x]A ,  Vx.  A,  A  T,  Vx.  A,  [t/x]A  — A 

- - VL 


T  — >  Vx.  A,  A 


r,Vx.  A— >  A 


L — >  [t/x]A,  3x.  A,  A  T,  3x.  A,  [a/x]A — >A 

- - L_gi?  - - - - 3La 


r  — ►  3x.  A,  A 


r,3x.  A  — ►  A 


As  in  the  intuitionistic  case,  we  exclude  cut  from  the  system  and  show  that  it  is  admissible.  It 
has  the  form 


A,  A  T,A 


A 


•Cut 


The  classical  calculus  satisfies  weakening  and  contraction  on  both  sides,  and  also  the  usual 
substitution  properties.  Weakening  and  contraction  do  not  change  the  structure  of  the  proof, 


20 


STRUCTURAL  CUT  ELIMINATION 


which  is  made  explicit  below  in  Lemma  6.  The  equivalence  to  Gentzen’s  calculus  LK  is  also  easy 
to  establish  by  inserting  or  removing  appropriate  structural  rules;  we  skip  the  routine  details  here. 

The  assignment  of  proof  terms  reflects  the  symmetry  between  the  left-  and  right-hand  sides  of 
a  sequent  in  that  we  label  both  negative  (left-hand  side)  and  positive  (right-hand  side)  formulas 
with  variables.  A  proof  term  d  then  annotates  the  whole  sequent;  we  write  it  above  the  sequent 
arrow: 

ni'.Ai, . .  .,nj:Aj  -^4  pi'Ci, . .  .,pk'-Ck- 

We  use  n  ( negative )  for  labels  of  formulas  occurring  on  the  left  of  the  sequent  arrow  and  p  (positive) 
for  labels  of  formulas  occurring  on  the  right  of  the  sequent  arrow.  As  in  the  intuitionistic  calculus, 
our  proof  terms  faithfully  record  the  structure  of  the  sequent  derivation  and  have  no  immediate 
connection  to  computational  interpretations.  We  again  use  A  and  the  idea  of  higher-order  abstract 
syntax  to  delimit  scope. 


T,  n:A 


axiom  n  p 


P'A,  A 


Pi:A,p:A  A  B,  A 


^2 . 


p  andr(Api:A.  di^(Ap2:B.  d2 )  P  ^  A  J5,  A 


•A  R 


T,  n:A  A  B,  ni:A 


dK 


_  .  andli  (Ani :A.  d\)n  . 

p2:B,p:AAB:A  T,n:A  A  B  >  A 


•  A  L\ 


T,  n:A  A  B,  n2:B 


d2  . 


„  .  ,  andl2  (Xn2:B.  d2)n  . 

T,  n:A  A  B  — >  A 


—  AL2 


d2. 


r,ni:A  -Up2:B,p:A  D  B,  A  T,n:A  D  B  —4  p\:A,A  T,n:ApB,n2:B 


d\ . 


p\:A,p:A  V  J5,  A 


r°rri  (A^'  dl)p  p:A  VB,A 


•  Vi?i 


^2 . 


p2:B,p:A  V  5,  A 


ron2(A^|.d2)Pp;AvBjA 


•  v  R2 


r,n:Av5,ni:i  Aa  £,  n:A  V  B,  n2:B  -^4  A 
r,  n:A  V  B  oll(Xni:A '  dll^n2:B- ^ 71  A 


VX 


T,  n:A  — >  P'-^A,  A 


T,  n:->A  — >  p:A,  A 


r  P:^A,  A  r, A 
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r  tr-^p  p:T,  A 


■  T  R 


T,n:lfa-^nA 


JlL 


Pi:[a/x\A,p'y/x.  A,  A 


-Vi?1 


T,  n-Mx.  A,  n\:\t/x]A 


p  forallr(Ao:t.  Api :[a/g]A.  d)p  ^  ^  ^  p  ^  forallK  (Ani:[t/ar]A.  d)n  ^ 


-VI 


pi:[f/x]A,p:3«.  A,  A 


-3R 


T,  n:3x.  A,  n\:[a/x]A 


■3La 


p  existsrt  (\py.\t / x\A.  d)p  ^  ^  ^  p  ^  existsl  (Aaa.  An^:[a/x]A.  d)n  ^ 


We  generalize  the  various  notions  of  substitution  and  weakening  from  the  intuitionistic  case 
in  the  obvious  way.  Substitution  for  formula  parameters  is  not  necessary  here,  since  negation  is 
handled  in  a  different  way.  We  then  have: 

Lemma  6  (Basic  Properties  of  Classical  Sequent  Calculus  with  Proof  Terms)  The  clas¬ 
sical  sequent  calculus  with  proof  terms  satisfies  the  following  properties. 

1.  (Weakening)  IfV  ::  (r  A)  then  (V,n:A)  ::  (F,  n:A  -A  A)  and  ( V,p:A )  ::  (r  Ap:A,  A), 
where  n  and  p  are  new  labels. 

2.  (Contraction)  IfV  ::  (r,  ni:A,  7i2:A  —4  A)  then  [nx/n2]V  ::  (r,ni:A  >  A).  Further¬ 

more,  ifV  ::  (r  -^4  p\:A,p2'.A,  A)  then  \pi/p2\V  ::  (r  ^-^-4  px:A,  A). 

3.  (Term  Substitution)  IfV  ::  (r  —4  A)  is  a  derivation  with  free  individual  parameter  a  then 
[t/a]V  ::  ([t/a)T  ^  [t/a] A). 

4.  (Uniqueness)  IfV::(T  —^4  A)  and  V  ::  (r  — >  A)  then  V  =  V . 

Proof:  By  simple  structural  inductions.  D 

The  LF  representation  closely  models  proof  terms  and  is  thus  also  symmetric  with  respect  to 
formulas  on  the  left  and  right:  Both  appear  in  the  context  of  the  LF  typing  judgment.  That  is,  a 
cut-free  derivation 

V 

«x:Ai, . ..,ny.Aj  -^4  pp.Ci,...,Pk-Ck 

with  free  individual  parameters  among  ai,  —  ,am  is  represented  by  a  term  M  =  rV~*  such  that 

aid, . . .,  am:i,  ni:negrAi'1, . . .,  nj:negr  Aj'1,  pi:posrC\'', . . . ,  Pk'pos  rCk~i  M  :  #, 

where  neg  and  pos  are  type  families  indexed  by  formulas,  and  #  is  a  new  type,  the  type  of  every 
valid  proof  term.  If  we  interpreted  a  sequent  calculus  as  a  refutational  calculus,  #  would  represent  a 
contradiction.  Below  we  show  the  representation  of  cut-free  sequent  derivations  as  an  LF  signature 
in  the  concrete  syntax  of  Elf. 
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#  :  type. 

neg  :  o  ->  type. 

pos  :  o  ->  type. 


axiom’ 

:  (neg  A  ->  pos  A  ->  #) . 

andl 1  ’  : 

(neg  A  ->  #) 

andr  ’ 

:  (pos  A  ->  #) 

->  (neg  (A  and  B)  ->  #) 

->  (pos  B  ->  #) 

->  (pos  (A  and  B)  ->  #) . 

andl2’  : 

(neg  B  ->  #) 

->  (neg  (A  and  B)  ->  #) 

impr  ’ 

:  (neg  A  ->  pos  B  ->  #) 

impl ’  : 

(pos  A  ->  #) 

->  (pos  (A  imp  B)  ->  #) . 

->  (neg  B  ->  #) 

->  (neg  (A  imp  B)  ->  #) 

orrl  ’ 

:  (pos  A  ->  #) 

->  (pos  (A  or  B)  ->  #) . 

orl  ’  : 

(neg  A  ->  #) 

->  (neg  B  ->  #) 

orr2  ’ 

:  (pos  B  ->  #) 

->  (pos  (A  or  B)  ->  #). 

->  (neg  (A  or  B)  ->  #) . 

notr  ’ 

:  (neg  A  ->  #) 

notl’  : 

(pos  A  ->  #) 

->  (pos  (not  A)  ->  #) . 

->  (neg  (not  A)  ->  #) . 

truer ’ 

:  (pos  (true)  ->  #) . 

f alsel ’ 

:  (neg  (false)  ->  #) . 

forallr’  :  ({a:i}  pos  (A  a)  ->  #) 

->  (pos  (f orall  A)  ->  #) . 


foralll’  :  {T:i>  (neg  (A  T)  ->  #) 

->  (neg  (forall  A)  ->  #) . 


exists!-’  :  {T:i>  (pos  (A  T)  ->  #) 

->  (pos  (exists  A)  ->  #) . 


existsl’  :  ({a:i}  neg  (A  a)  ->  #) 

->  (neg  (exists  A)  ->  #) . 


The  cut  rule  can  be  added  in  a  similar  style  (see  Appendix  B.2).  The  representations  is  adequate 
and  compositional,  we  skip  the  routine  formulation  of  such  a  theorem. 

We  consider  two  examples  of  classical  sequent  derivations  and  their  representation  in  Elf.  The 
first  is  the  law  of  excluded  middle. 

A  — ¥  -.(A),  A,  (A  V  -|(A)) 

— >  -■(A),  A,  (A  V->(A)) 

- V/L2 

— >  A,  (A  V  ->(A)) 

- — — -  Vrii 

— ¥  (A  V  -"(A)) 

Note  how  multiple  conclusions  are  necessary  so  that  both  right  rules  for  disjunction  may  be  applied 
in  succession.  This  derivation  is  represented  by  the  term 


([A:o]  [p:pos  (A  or  not  A)] 
orrl’  ( [pi: pos  A] 
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orr2’  (Cp2:pos  (not  A)] 

notr’  ([nl:neg  A]  axiom’  ni  pi) 

p2) 

P) 

P) 

{A:o}  pos  (A  or  not  A)  ->  #. 

The  following  example  provides  another  illustration  of  the  differences  between  intuitionistic  and 
classical  reasoning  in  the  sequent  calculus. 

- —  / 

->((Vx.  Ax)),Aa  — >  ->(Aa),  Aa,  (Vx.  Ax),  (3x.  ->(Ax)) 

-i((Vx.  Ax))  — y  -'(Aa),  Aa,  (Vx.  Ax),  (3x.  -'(Ax)) 

- . - - — —  3R 

-■((Vx.  Ax))  — y  Aa,  (Vx.  Ax),  (3x.  ->(Ax)) 

- — — — - —  V. Fia 

-i((Vx.  Ax))  — y  (Vx.  Ax),  (3x.  -'(Ax)) 

-■((Vx.  Ax))  — y  (3x.  -i(Ax)) 


It  is  represented  by  the  term 


( [A: i  ->  o] 

[n : neg  (not  (forall  [x]  A  x))] 

[p : pos  (exists  [x]  not  (A  x))] 
notl’  ([pi: pos  (forall  [x]  A  x)] 

forallr’  ([a:i]  [p2:pos  (A  a)] 

existsr’  a  ([p3:pos  (not  (A  a))] 

notr’  ([nl:neg  (A  a)] 
axiom’  nl  p2) 
p3) 


n) 


pD 


P) 


{A:i  ->  o> 

neg  (not  (forall  [x]  Ax)) 

->  pos  (exists  [x]  not  (A  x)) 

->  #. 

The  admissibility  of  the  cut  rule  for  the  cut-free  calculus  is  once  again  the  central  lemma  for 
cut  elimination.  There  are  now  more  cases,  since  there  may  be  side  formulas  on  the  right-hand 
sides  of  sequents.  However,  due  to  the  symmetry  of  the  rules,  the  proof  is  even  more  systematic 
than  in  the  intuitionistic  case.  It  also  follows  by  three  nested  structural  inductions. 

Theorem  7  (Classical  Admissibility  of  Cut)  Let  V  ::  (r  -4-  p:A,  A)  and  £  ::  ( T,n:A  —¥  A) 
be  cut- free  derivations  in  the  classical  sequent  calculus  G$.  Then  there  is  a  proof  term  f  and  a 

cut-free  sequent  derivation  of  IF  ::  (r  A). 

Proof:  By  three  nested  structural  inductions  on  A,  d ,  and  e.  D 
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The  notion  of  a  cross-cut  [Gal93],  though  without  multiplicities,  surfaces  naturally  in  this  proof: 
Since  formulas  are  never  discarded  they  must  be  eliminated  explicitly  from  both  premises  of  a  cut 
in  a  “cross-cut”  fashion  before  the  essential  cut  reduction  can  take  place.  The  implementation  of 
the  proof  is  by  a  type  family 

ca’  :  {A:o>  (pos  A  ->  #)  ->  (neg  A  ->  #)  ->  #  ->  type. 

that  implements  the  relation  between  A,  the  derivation  I),  the  derivation  E  and  the  resulting 
derivation  T . 

We  only  show  the  representation  of  one  case  in  the  proof  of  admissibility  here;  The  complete 
proof  representation  including  an  informal  version  of  each  case  may  be  found  in  Appendix  A. 2. 
The  first  three  appeals  to  the  induction  hypothesis  below  are  cross-cuts. 

ca_imp’  : 

ca’  (A  imp  B)  ( [p]  impr’  (Di  p)  p)  ( [n]  impl’  (El  n)  (E2  n)  n)  F 

<-  ({pi : pos  A>  ca’  (A  imp  B)  (  [p]  impr’  (Dl  p)  p)  ( [n]  El  n  pi)  (El’  pi)) 

<-  ({n.2:neg  B>  ca’  (A  imp  B)  ( [p]  impr’  (Dl  p)  p)  ( Cn]  E2  n  n2)  (E2’  n2)) 

<-  ({nl:neg  A}  {p2:pos  B> 

ca’  (A  imp  B)  ( [p]  Dl  p  nl  p2)  ( [n]  impl’  (El  n)  (E2  n)  n) 

(Dl’  nl  p2) ) 

<-  ({p2:pos  B>  ca’  A  ([pi]  El’  pi)  ([nl]  Dl’  nl  p2)  (F2  p2)) 

<-  ca’  B  ( [p2]  F2  P2)  ( [n2]  E2’  n2)  F. 


7  Conclusion 

We  have  presented  new  proofs  of  cut  elimination  for  intuitionistic  and  classical  sequent  calculi. 
The  proof  in  the  intuitionistic  case  is  motivated  by  maintaining  a  close  correspondence  between 
proof  search  for  natural  deduction  and  sequent  derivations.  It  is  this  proximity  that  permits  a 
natural  representation  of  the  sequent  calculus  in  LF.  Furthermore,  we  show  how  the  proof  of  cut 
elimination  can  be  implemented  in  Elf,  although  the  fact  that  this  implementation  models  the 
informal  argument  is  still  partly  an  informal  property,  just  like  the  adequacy  of  the  LF  encoding 
of  derivations.  The  proof  representation  is  extremely  concise  and  much  shorter  than  an  informal 
proof  of  the  same  argument  (if  all  the  cases  were  given,  of  course).  In  the  two  appendices  below  we 
give  the  details  of  the  proofs  which  were  obtained  via  a  program  that  translates  the  internal  form 
of  Elf  declarations  to  LaTeX  source.  This  “informalized”  version  of  the  proof  representation  can 
be  inspected  for  correctness  like  ordinary  informal  mathematical  proofs. 

In  order  to  give  the  reader  a  feel  for  the  efficiency  of  LF  representation  techniques  and  the 
Elf  implementation  I  give  a  brief  summary  of  the  development  history  of  the  work  described  here. 
For  a  long  time  I  had  thought  that  a  representation  of  a  cut  elimination  proof  in  LF  would  be 
prohibitively  complex — if  I  were  to  undertake  it,  I  would  use  a  system  like  Coq  in  which  tactics 
can  be  used  to  automate  long  chains  of  trivial  reasoning  steps;  Elf  does  not  provide  this  sort  of 
automation  technique.  The  basic  difficulty  can  be  traced  to  the  representation  of  sequents  and 
sequent  derivations  themselves.  It  is  often  informally  stated  that  a  sequent  calculus  may  be  viewed 
as  a  calculus  of  proof  search  for  natural  deduction.  Once  I  took  this  remark  literally,  it  took  me 
a  day  to  write  out  the  representation  of  sequent  derivations  and  the  proof  of  admissibility  for  the 
intuitionistic  calculus  in  Elf  (fortunately,  the  first  approach  I  tried  worked).  It  took  me  another 
half  day  to  write  out  and  debug  admissibility  of  cut  for  the  classical  sequent  calculus.  From  these 
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I  reconstructed  and  checked  the  informal  arguments  by  hand,  which  took  me  another  couple  of 
days.  The  combined  sources  of  representations  and  proofs  for  intuitionistic  and  classical  case  are 
739  lines  of  Elf  code  (with  only  a  few  comments,  but  without  white-space  compression).  Type¬ 
checking  the  proof  takes  about  2  secs  on  a  Dec  Alpha.  Writing  the  program  which  generates  the 
informal  version  of  the  proof  from  its  formalization  took  about  2  weeks,  with  several  false  starts 
(this  involved  programming  in  Elf,  Emacs  Lisp,  and  LaTeX). 

Another  analysis  of  cut  elimination  for  a  small  propositional  fragment  of  classical  logic  is  given 
by  Matthews  [Mat94]  in  FSq.  His  proof  is  traditional — sequents  are  represented  as  lists,  and  termi¬ 
nation  is  proved  by  induction  on  a  standard  complexity  measure.  It  has  not  yet  been  implemented, 
but  it  is  clear  from  the  sketched  development  that  it  would  require  much  time  and  effort  just  to 
prove  basic  properties  of  sequent  derivations,  their  lengths,  etc.  For  the  predicate  calculus  this 
overhead  would  be  even  higher,  since  a  theory  binding  would  have  to  be  developed  first. 

Once  the  structural  proof  of  admissibility  has  been  found  and  implemented,  it  is  natural  to 
ask  if  it  can  also  be  encoded  in  stronger  frameworks  such  as  Coq  [DFH+93]  so  that  structural 
inductions  are  made  explicit  and  the  proof  is  fully  formally  verified.  There  are  several  aspects  of 
our  proof  which  make  this  difficult.  The  first  is  the  use  of  higher-order  abstract  syntax,  which 
is  not  available  in  a  similarly  straightforward  fashion  in  other  candidate  environments.  Thus  one 
either  has  to  try  ideas  from  [DH94]  (which  we  have  not  attempted)  or  use  an  encoding  such  as 
de  Bruijn  indices  and  explicitly  represent  contexts.  In  either  case  one  has  to  prove  a  number  of 
auxiliary  lemmas  regarding  substitutions  which  are  not  needed  in  our  representation.  The  second 
difficulty  arises  from  the  non-deterministic  nature  of  the  cut  elimination  algorithm  contained  in 
the  proof.  Making  it  deterministic  in  the  form  of  a  primitive  recursion  (which  would  be  required 
for  a  functional  framework)  would  lead  to  an  explosion  in  the  number  of  cases  that  would  have  to 
be  considered.  It  appears  the  only  way  to  avoid  at  least  some  of  this  combinatorial  explosion  is  to 
introduce  termination  measures  after  all,  which  requires  a  new  sequence  of  lemmas  regarding  sizes 
of  formulas  and  derivations.  We  conclude  that  a  similarly  elegant  representation  of  cut  elimination 
in  other  systems  is  a  non-trivial  challenge  which,  we  hope,  others  will  take  up. 

In  future  work  we  plan  to  verify  mechanically  that  the  given  signatures  indeed  implement  proofs. 
The  prototype  implementation  of  the  schema-checker  sketched  in  [Roh94]  currently  accepts  them, 
but  the  (meta-meta-) theoretical  analysis  of  schema-checker  itself  is  not  yet  complete.  In  other 
future  work  we  plan  to  reexamine  the  connection  between  normalization  and  cut  elimination  (see, 
for  example,  [Zuc74])  in  the  same  framework.  Another  direction  is  to  study  cut  elimination  in  a 
formulation  as  a  higher-order  rewrite  system  along  the  lines  of  Nipkow  [Nip91],  but  using  dependent 
types.  We  first  note  that  our  system  of  rules  is  terminating  (note  that  we  cannot  permute  adjacent 
cuts!).  Assuming  the  completeness  of  a  critical  pair  criterion  for  the  dependently  typed  calculus,  the 
system  is  confluent  modulo  Kleene’s  permutations  of  adjacent  inference  rules  in  the  cut-free  system. 
This  means  that  our  cut  conversions  do  not  identify  intuitively  unrelated  sequent  derivations,  which 
has  been  a  problem  in  other  systems  as  noted  by  Lafont  (see  [Gal93]). 

Finally,  we  have  a  formulation  of  a  sequent  calculus  for  classical  linear  logic  based  on  the  ideas 
in  this  paper.  There  is  a  combinatorial  explosion  of  cases  (and  we  have  not  checked  all  of  them), 
but  we  conjecture  that  a  structural  proof  of  cut-elimination  is  still  possible.  To  represent  such  a 
proof  concisely  would  require  a  linear  framework,  which  is  the  subject  of  other  current  research. 
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A  Detailed  Admissibility  Proofs  for  Cut 

In  this  appendix  we  give  the  details  of  the  admissibility  of  cut  for  intuitionistic  and  classical  sequent 
calculi.  For  each  case  in  the  two  proofs  we  show  the  formalization  as  an  Elf  declaration,  followed 
by  an  automatically  generated  informal  rendering  of  the  case.  In  order  to  make  the  informal  proof 
cases  more  readable  we  omit  explicit  proof  terms.  This  means  that  appeals  to  weakening  and 
contraction  lemmas  are  not  visible  (see  the  implicit  contraction  in  the  first  case,  for  example).  We 
apologize  for  the  unintuitive  naming  of  variables.  Variable  names  are  chosen  by  Elf  during  type 
reconstruction  and  printing,  and  our  naming  heuristics  are  currently  too  simplistic. 

Substitution  for  individual  and  propositional  parameters  arises  in  the  admissibility  proof  for 
cut  in  a  few  cases.  When  a  formula  or  derivation  may  depend  on  a  variable  x  or  parameter  a  we 
indicate  this,  for  example,  by  writing  Ax  or  Va.  Instead  of  [t/x]A  or  [t/a]V  we  then  write  At  or 
Vt  for  the  result  of  a  substitution  t  for  x  or  a.  This  is  more  perspicuous  and  also  closer  to  the  Elf 
implementation  and  therefore  much  easier  to  generate. 

A.l  Intuitionistic  Calculus 

A  case  in  the  proof  of  admissibility  of  cut  in  the  intuitionistic  sequent  calculus  is  represented  as  a 

transformation  „  _ 

V  £  F 

t^a  <g)  r,A-^c  =*  r— 

where  T  may  refer  to  derivations  constructed  by  appeals  to  the  induction  hypothesis.  These  are 
given  below  the  first  line  (which  identifies  the  case  under  consideration)  in  an  appropriate  order. 
In  all  cases  the  decreasing  structural  component  should  be  apparent;  it  would  have  been  awkward 
to  include  this  information,  since  proof  terms  have  been  omitted.  In  the  remarks  we  loosely  refer 
to  the  principal  formula  or  side  formula  when  properly  speaking  we  mean  the  principal  formula 
occurrence  or  side  formula  occurrence.  We  could  be  pedantic  using  labelled  hypotheses,  but  only 
at  a  heavy  cost  in  legibility. 

The  relation  between  V ,  £,  and  T  is  implemented  as  a  type  family 
ca  :  {A : o}  cone  A  ->  (hyp  A  - >  cone  C)  — >  cone  C  ->  type. 

The  cases  below  are  divided  into  the  four  classes  mentioned  in  the  proof  of  Theorem  5.  In  analogy 
to  other  published  proofs  we  call  them  initial  conversions  (one  of  V  or  £  is  initial  with  the  cut 
formula  as  a  principal  formula),  essential  conversions  (cut  formula  is  principal  in  V  and  £),  left 
commutative  conversions  (cut  formula  is  side  formula  in  V ),  and  right  commutative  conversions 
(cut  formula  is  side  formula  in  £). 

Initial  Conversions.  These  are  the  cases  in  the  proof  where  either  T>  or  S  is  an  initial  sequent  with 
principal  formula  being  the  cut  formula  A. 


ca_axiom_l  :  ca  A  (axiom  H)  E  (EH). 


r,Ai 


N 

f,  Ai,  Ai  — >  A 
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ca_axiom_r  :  ca  A  D  ([h:hyp  A]  axiom  h)  D. 

N  _ j  N 

r  — »  a  ®  r,A—^ a  =>  r  y a 

Essential  Conversions.  These  are  the  steps  in  the  proof  where  the  cut  formula  is  the  principal  formula 
of  the  last  inference  in  both  V  and  £. 


ca_andl  :  ca  (A1  and  A2)  (andr  D1  D2) 

(Ch:hyp  (A1  and  A2)]  andll  (El  h)  h)  F 
<-  ({hl:hyp  Al} 

ca  (Al  and  A2)  (andr  D1  D2) 

( [h : hyp  (Al  and  A2)]  El  h  hi)  (El'  hi)) 
<-  ca  Al  D1  El’  F. 


N 

r— 


Nz 

r— a2 


n4 


r_ >(Ai  aa2) 


■A  R 


F,  (Ai  A  A2),  Ai  — A 
®  T,(AiAA2) — t  A 


ATi 


N  N3 

r,Ai — y  Ai  r.Ai — y  A2  .. 

- - A  R  7V4 

®  r,Ai,(AiAA2) — yA 


T,  Ai  — y  (Ai  A  A2) 


N2 


Ni 


r,Ai  — >•  a 


N 


T 


0 


N2 


A 


ca_and2  :  ca  (Al  and  A2)  (andr  D1  D2) 

(Ch:hyp  (Al  and  A2)]  andl2  (E2  h)  h)  F 
<-  ({h2:hyp  A2> 

ca  (Al  and  A2)  (andr  D1  D2) 

( [h : hyp  (Al  and  A2)]  E2  h  h2)  (E2’  h2)) 

<-  ca  A2  D2  E2’  F. 

Nz  N  N4 

r— +a2  r— >Ai  r,(A2AAi),Ai  — >  a 

__ — - ar  - - - AL2 

T-^{A2AAi)  ®  r,  (A2  A  Ai)  — y  A 


n2 


A 


Nz 

r,Ai  -a  a2 


N 

r,  Ai  — y  Ai 


T,  Ai  — y  (A2  a  Ai) 


-A  R  Na 

®  r,Ai,(A2AAi) — y  A 


Ni 

r,Ai  — >  A 


N  Ni  N2 

r — y  Ai  ®  r,Ai — =>  r — yA 
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ca_imp  :  ca  (A1  imp  A2)  (impr  D2) 

(Ch:hyp  (A1  imp  A2)]  impl  (El  h)  (E2  h)  h)  F 
<-  ca  (A1  imp  A2)  (impr  D2)  El  El’ 

<-  ({h2:hyp  A2> 

ca  (A1  imp  A2)  (impr  D2) 

([h:hyp  (A1  imp  A2)]  E2  h  h2)  (E2’  h2)) 
<-  ca  A1  El’  D2  D2’ 

<-  ca  A2  D2 ’  E2‘  F. 


N4 

t,a2—>a1 


■DR 


r  — ¥  (a2  d  Ai)  0 


N6  N5 

r,  (a2  d  a{)  — >  a2  r,  (a2  d  Ai),  Ai  — >  a 

T,{A2DA1)->A 


dl 


n2 

r  — >  a 


n4 

r,  a2  — >  Ax 


■DR 


N6 


r— >(a2dAi)  0  r, (a2 d Ai)  — > a2 


n3 

t—*a2 


n4 

T,Ai,A2  — >  Ai 


■DR 


N5 


r,  Ai  — >  (A2  D  Ai)  0  F,  Ai,  (A2  D  Ai)  — >  A 


Ni 

r,A1  -4  A 


n3  n4 

r — >  a2  0  r,A2 — >  Aj 


N 

r  — y  Aj 


N  Ni 

r — » A\  0  r,Ai — >  a 


n2 

r  — >  a 
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ca_orl  :  ca  (A1  or  A2)  (orrl  Dl) 

( [h : hyp  (A1  or  A2)]  orl  (El  h)  (E2  h)  h)  F 
<-  (-[hi: hyp  Al> 

ca  (A1  or  A2)  (orrl  Dl) 

( [h : hyp  (A1  or  A2)]  El  h  hi)  (El’  hi)) 
<-  ca  A1  Dl  El’  F. 


N 

T-+A! 


VRi 


r  — »•  (Ai  v  a2)  0 


n3  n4 

r,  (Ai  v  a2),Ai  — >  a  r,  (Ai  v  a2),  a2  — >  a 

T,{A1VA2)-+A 


■VL 


n2 

r  — )■  a 


N 

r,A1—>A1 


■VRi 


Ns 


r,Ai  — >  (Ai  va2)  0  r,  Ai,  (A\  V  A2)  — >  A 


Ni 

T,A1  — >A 


N  Ni 

T— 0  r,A1—>A 


n2 

r— >  a 


ca_or2  :  ca  (A1  or  A2)  (orr2  D2) 

( [h : hyp  (A1  or  A2)]  orl  (El  h)  (E2  h)  h)  F 
<-  ({h2:hyp  A2> 

ca  (A1  or  A2)  (orr2  D2) 

( [h : hyp  (A1  or  A2)]  E2  h  h2)  (E2’  h2)) 
<-  ca  A2  D2  E2’  F. 


N 

r  — >  Ai 


V  R2 


r— ^(a2vAi)  0 


N4  Na 

r,  (A2  V  Ai),  A2 — >A  r,(A2  V  Ai),Ai — >  A 

r,(A2VA!)— >A 


•VL 


n2 

r  — >  A 


N 

r,  A\  — >  Ai 


-vr2 


Ns, 


T,Ai  — >  (A2  V  A\)  '  0  T,Ax,{A2  VAi)  — - >  A 


Ni 

r  ,Ai—*A 


N  Ni 

T — >  Ai  0  T,Ai—*A 


N2 

r— ¥  a 


ca_not  :  ca  (not  AI)  (notr  Dl) 

([h:hyp  (not  AI)]  notl  (El  h)  h)  (F2  C) 

<-  ca  (not  AI)  (notr  Dl)  El  FI 

<-  ({p:o>  ca  AI  FI  ([hi: hyp  AI]  Dl  p  hi)  (F2  p)). 
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STRUCTURAL  CUT  ELIMINATION 


Nipi  N3 

r,A — >pi  r,-1(A)  >-a 

- ,Rp  - - - L  1  2Al 

r— >-(A)  0  r.-n(A)— >Aa  =>  r  — > Ai 


Nipi 

r,  a  — >pi 

- ,RPl 

r  — *  --(A)  0 


n3 

r,->(A)  - 


N 


N 


A  0 


Nip 

r,  a  — 5 


N2p 


ca_forall  :  ca  (forall  Al)  (forallr  Dl) 

(Chrhyp  (forall  Al)]  foralll  T  (El  h)  h)  F 
<-  ({h2:hyp  (Al  T)> 

ca  (forall  Al)  (forallr  Dl) 

([h:hyp  (forall  Al)]  El  h  h2)  (El’  h2)) 
<-  ca  (Al  T)  (Dl  T)  El’  F. 


Na 


Aid 


(Vx.  Aix) 


-VR,a 


N3 

I\(Vx.  Ai*),Ax< 
0  T,  (Vx.  Aix)  — 


-VL 


Na 

r,  A\t  — >  A\a 
r,  Ait  — »  (Vx.  Aix) 


-VRa 


n3 

0  r,AiU(Vx.  Aix) 


A 


n2 


ca_exists  :  ca  (exists  Al)  (existsr  T  Dl) 

([h:hyp  (exists  Al)]  existsl  (El  h)  h)  F 
<-  ({a:i>  {hl:hyp  (Al  a)> 

ca  (exists  Al)  (existsr  T  Dl) 

([h:hyp  (exists  Al)]  El  h  a  hi)  (El’  a  hi)) 
<-  ca  (Al  T)  Dl  (El’  T)  F. 


A  DETAILED  ADMISSIBILITY  PROOFS  FOR  CUT 
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N 

r— 


■3  R 


N3a2 

T,  (Eta.  Aix),Aia2  — >  A 


T — y  (3a;.  A\x)  0  F,  (3x.A\x) — yA 


■3  L“2 


N2 

T  — y  A 


N 

r,  Axa  — y  A\t 


■3  R 


N3a 


F,Aia — >(3a;.Aia;)  0  F,  A\a,  (3a;.  Aix) — y  A 


Nxa 

r,  Aid  — >■  a 


N  Nxt  N2 

r—+Ait  0  r ,Ait-+A  =>  r— >a 


Left  Commutative  Conversions.  In  these  cases  the  cut  formula  is  a  side  formula  in  the  deduction 
V  ::  (r  — ►  A).  Note  that  the  deduction  V  must  end  in  a  left  rule,  since  otherwise  A  would  be  its  principal 
formula. 


cal_andll  :  ca  A  (andll  D1  H)  E  (andll  Dl’  H) 

<-  {hi: hyp  Bl>  ca  A  (Dl  hi)  E  (Dl’  hi). 


N 

r,  (A  A  A3),  A  — y  A2 

- A  Lx 

T,  (A  A  A3)  — y  A2  0 


Ni 

T,  (A  A  A3),  A2  — >•  Ax 


n2 

T,  (A  A  A3) ,  A  — >■  Ai 

- A  Lx 

F,  (A  A  A3)  — y  A 1 


N 

T,  (A  A  A3),  A 


Ni 

0  r,(AA  a3),  a,  a2 


Ai 


n2 

r,  (A  A  As),  A 


Ai 


cal_andl2  :  ca  A  (andl2  D2  H)  E  (andl2  D2’  H) 

<-  {h2 : hyp  B2>  ca  A  (D2  h2)  E  (D2’  h2) . 


N 

T,  (A3  A  A),  A — y  A2 

- A  l2  Ni 

r,  (A3  A  A)  — y  A2  0  r,(A3AA),A2  — y  Ax 


N2 

T,  (A3  A  A),  A  — y  Ax 
T,  (A3  A  A)  — y  Ax 


-  A L2 


N  Nx 

r,  (a3  a  a),  a  — y  a2  0  r,  (a3  a  a),  a,  a2  — y  ax 


n2 

r,  (A3  A  A),  A — y  Ai 


cal_impl  :  ca  A  (impl  Dl  D2  H)  E  (impl  Dl  D2’  H) 

<-  ({h2:hyp  B2>  ca  A  (D2  h2)  E  (D2’  h2)). 
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Ns  N 

r,  {As  D  A)  — >  As  T,{AsDA),A— 4  A2 

r,  (As  D  A)  — *•  As 


dl  * 

0  I\(A3dA),A2 


Ai 


N3  N2 

r,  (a3  d  a)  — *•  a3  r ,  (  a3  d  a)  ,  a  — » Ai 

r,  (A3  D  A)  — >  Ai 


dl 


N  N! 

r,  (A3  D  A),  A  — A2  0  r,(A3D  A),A,A2  — ■»  Ai 


n2 

r,  (A3  D  A),  A  — Ai 


cal.orl  :  ca  A  (orl  D1  D2  H)  E  (orl  Dl’  D2>  H) 

<-  ({hi: hyp  Bl>  ca  A  (D1  hi)  E  (Dl’  hi)) 
<-  ({h2:hyp  B2>  ca  A  (D2  h2)  E  (D2*  h2)). 


Ns  N 

r,(A3VA),A3  — >  A2  r,(A3VA),A-+A2 

r,  {As  V  A)  — >  A2 


WL  * 

0  r,  (a3va),a2 


N4  N2 

I\(A3  VA),A3  — >  Ai  r,(A3  VA),A— >  Ai 

r,  (As  V  A)  — >  Ai 


Vi 


N3  Ni  N4 

I\(A3VA),A3 — >  As  0  r,(A3  V  A),A3,A2 — >  Ax  =>  r,(A3VA),A3 — »  Ai 

JV  iVi  a2 

r,  (A3  V  A),  A  — *■  A2  0  r,(A3VA),A,A2  — *  Ai  =►  r,  (As  v  A),  A  — *  Ai 


cal_notl  :  ca  A  (notl  Dl  H)  E  (notl  Dl  H) . 


N 

r,-i(A2)  — y  As 

- \l> 

r,  ~>{As)  — >  Ai  0 


Ni 


r,-t(A2),Ai 


N 

r,-i(A2)  — *■  a2 
r,->(A2)  — >  A 


cal_falsel  :  ca  A  (falsel  H)  E  (falsel  H) . 


A  DETAILED  ADMISSIBILITY  PROOFS  FOR  CUT 
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- II 

r ,  j_  — >  Ai  0 


N 


r,±,Ai 


r,± 


A 


LL 


cal.foralll  :  ca  A  (foralll  T  D1  H)  E  (foralll  T  D1 ’  H) 
<-  (-Ch>  ca  A  (Di  h)  E  (Dl’  h)). 


N 

I\(Vx.  Ax),At— >A2 

- VL  Nl 

T,  (Vx.  Ax)  — >  A2  0  F,  (Vx.  Ax),  A2  — >  Ai 


n2 

T,  (Vx.  Ax),  At  — i-  A\ 
r,  (Vx.  Ax)  — *  Ai 


-VI 


N  Ni 

r,  (Vx.  Ax),  At — >•  A2  0  r,  (Vx.  Ax),  At,  A2 — >  Ai 


N2 

r,  (Vx.  Ax),  At  — >AX 


cal_existsl  :  ca  A  (existsl  Dl  H)  E  (existsl  Dl’  H) 
<-  ({a:i>  {h:hyp  (B1  a)> 

ca  A  (Dl  a  h)  E  (Dl*  a  h)). 


Na  i  N2ai 

r,  (3x.  Ax),  Aai  — ►  A2  sr  r,  (3x.  Ax),Ad\  >  A\ 

_ — _ _ _ 3  Ni  - 3La' 

I\(3x.  Ax) — >A2  0  r,(3x.  Ax),A2  — >  Ai  =*■  r,(3x.Ax) — y  A\ 

Na  Ni  N2a 

r,(3x.  Ax),  Aa — >  A2  0  r,  (3x.  Ax),  Aa,A2 — >  Ai  ==>  T,(3x.  Ax),Aa — >  Ai 

Right  Commutative  Conversions.  In  these  cases,  the  formula  A  in  I  ::  (r,A  — *  C)  is  a  side 
formula  of  the  last  inference  in  Z.  These  cases  are  not  necessarily  exclusive  with  the  left  commutative 
conversions  above.  There  are  three  classes  of  subcases:  The  last  inference  in  Z  may  be  an  axiom,  a  left  rule, 
or  a  right  rule. 


car_ axiom  :  ca  A  D  ([h:hyp  A]  axiom  HI)  (axiom  HI). 


N 


r,A — >  Ai  0  r,A,Ai 


r,A- 


car_andr  :  ca  A  D  ([h:hyp  A]  andr  (El  h)  (E2  h))  (andr  El’  E2’) 
<-  ca  A  D  El  El’ 

<-  ca  A  D  E2  E2 ’ . 


/ 
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A 


r 


0 


A3  Ax 

r,Ai — >  a2  r,Ai — >  a 


r,A1^(A2AA) 


A  R 


A4  n2 

r  — >■  a2  r  — *  a 


r  — y  (a2  a  a) 


A  R 


A  N3  A4 

r  — *■  Ai  0  r,  Ai  — y  a2  =>  r  — >  a2 


A  Ax  a2 

r — y  Ai  0  r,Ax — >a  =>  r — >a 


car_andli:  ca  A  D  ([h:hyp  A]  andll  (El  h)  H)  (andll  El’  H) 

<-  ({hlrhyp  Bl}  ca  A  D  ([h:hyp  A]  El  h  hi)  (El’  hi)). 


A 


Ax 

F,  ( A  A  A3),  A2,  A  — y  Ax 


Ala 


r,  (A  A  A3)  — ^  A2  0  r,(AAA3),A2  — »  Ax 


A2 

r,(AAA3),A-4Ax 
r,  (A  A  A3)  — >■  Ax 


A  L\ 


A  Ax 

r,  (A  A  A3) ,  A — >  A2  0  r,  (A  A  A3),  A,  A2 — Ax 


a2 

r,(AAA3),A— >Ax 


car_andl2:  ca  A  D  ([h:hyp  A]  andl2  (E2  h)  H)  (andl2  E2’  H) 

<-  ({h2:hyp  B2>  ca  A  D  ([h:hyp  A]  E2  h  h2)  (E2’  h2)). 


A 


Ax 

T,  (A3  A  A),  A2,  A  — y  Ax 


F,  (A3  A  A) — y  A2  0  T,(A3  AA),A2 — >Ax 


-  A L2 


a2 

r,  (A3  A  A),  A  — ^  Ax 
T,  (As  a  A)  — y  Ax 


■  al2 


A  Ax 

r,(A3  A  A),  A— >  A2  0  r,(A3A  A),A,A2  — >  Ax 


a2 

r,  (a3  a  a),  a  — Ax 


car_impr  :  ca  A  D  ([h:hyp  A]  impr  (E2  h))  (impr  E2’) 

<-  ({hi : hyp  Bl}  ca  A  D  ([h:hyp  A]  E2  h  hi)  (E2’  hi)). 


A 


Ax 

r,  a2,  a  — >•  Ax 


r— >a2  0  r,A2— UadAx) 


OR 


a2 

r,A— +  Ax 
r— +(adAi) 


or 


A  Ax 

T,A — y  a2  0  r,A,  A2 — >■  Ax 


a2 

r,A-^Ax 
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car_impl  :  ca  A  D  ([h:hyp  A]  impl  (El  h)  (E2  h)  H)  (impl  El’  E2’  H) 
<-  ca  A  D  El  El’ 

<-  ({h2:hyp  B2}  ca  A  D  ([h:hyp  A]  E2  h  h2)  (E2’  h2)). 


A3  Ni 

r,  (A3  D  A),  A2  — >  A3  r,(A3DA),A2,A— >  Ai 

A  - - - 31, 

r, (a3 d a)  — ¥ a2  ®  i\(a3da),a2  — >  ax 

a4  n2 

r,  (A3  D  A)  — »  A3  I\(A3DA),A  — vAx 

— - Dl 

=►  r,  (A3  d  A)  — +  A, 


A  A3  AT4 

r,  (a3  d  a) — a2  ®  r,(A3DA),A2 — >-a3  =>•  r,  (a3dA) — ■>  a3 


A  Ni  N2 

r,  (A3  D  A),  A  — >  A2  <g)  r,(A3D  A),A,A2 — »Ai  =>  I\(A3DA),A — vAi 


car_orrl  :  ca  A  D  ([h:hyp  A]  orrl  (El  h))  (orrl  El’) 
<-  ca  A  D  El  El’ . 


A 


Yi 

T,Ai  — >  A 


N2 

r  — >  a 


T  — >  Ai  ®  T,Ai  — >  (AVA2) 


•VRi 


r  _ 5-  (a  v  a2) 


-  Vi?i 


A  Ai  A2 

r — >-Ai  <g)  r,Ai — >A  =>  T — >  A 


car_orr2  :  ca  A  D  ([h:hyp  A]  orr2  (E2  h))  (orr2  E2’) 
<-  ca  A  D  E2  E2 ’ . 


Ni 


A 


r,  ax 


a2 

r  — >  a 


Ai  ®  r,Ai — >  (A2  V  A) 


-  va2 


(A2  V  A) 


-va2 


A 


Ai 


1 


A 


=>  r 
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car_orl  :  ca  A  D  ([h:hyp  A]  orl  (El  h)  (E2  h)  H)  (orl  El’  E2’  H) 
<-  ({hi: hyp  Bl>  ca  A  D  ([h:hyp  A]  El  h  hi)  (El’  hi)) 
<-  ({h2:hyp  B2>  ca  A  D  ([h:hyp  A]  E2  h  h2)  (E2’  h2)). 


N 


r,  (As  V  A)  — y  A2  (g) 


N3  Ni 

r,  (As  V  A),  A2,  As  — y  Al  T,  [As\/  A),  A2,  A Ax 

r,(A3VA),A2  — ¥  Ai 


■VI 


n4  a2 

r,(As  VA),A3  — ►  Ax  r,(A3VA),A  — >  Ax 

r,  (A3  V  A)  — ¥  Ai 


VI 


N  As 

r,(As  VA),As  — *  A2  0  r,(A3VA)!A3!A2  — >  Al 


A4 

r,  (A3  V  A),  A3  — >  Ai 


N  Ai 

r,(As  VA),A— >  A2  0  r,(As  VA),A,A2  — »•  Ai 


N2 

r,  (A3  V  A),  A  — >  Ai 


car_notr  :  ca  A  D  ([h:hyp  A]  notr  (El  h) )  (notr  El’) 

<-  ({p:o}  {hi : hyp  Bl>  ca  A  D  ([h:hyp  A]  El  h  p  hi)  (El’  p  hi)), 


N 


N1P1 

r,  Ai,  a  — >  p\ 


r — >Ai  0  r,Ai — » -■(A) 


-RPl 


N2P1 

r,  a  — >pi 
r  — >  -’(A) 


N  Ai  p  N2p 

T,A—+Ai  0  r,A,Ai^p  =A  r,A— >p 


car_notl  :  ca  A  D  ([h:hyp  A]  notl  (El  h)  H)  (notl  El’  H) 
<-  ca  A  D  El  El’ . 


N 


Ai 

r,i(A),Ai  — *■  A 


r,->(A) — >  Ai  0  r,-.(A),Ai — >  a2 


a2 

r,^(A)  — >  a 
r,-’(A)  — >a2 


N  Ai 

r,-i(A) — >  Ai  0  r,-.(A),Ai — >A 


n2 

r,  -’(a)  — >  a 
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car_truer :  ca  A  D  ([h:hyp  A]  truer)  (truer). 


0  r,A— » t 


■TR 


T  R 


car_falsel  :  ca  A  D  ([h:hyp  A]  falsel  H)  (falsel  H) . 


N 


r,±— +  Ai  0  r,±,Ai 


■LL 


1L 


car_forallr  :  ca  A  D  ([h:hyp  A]  forallr  (El  h))  (forallr  El’) 
<-  ({a:i}  ca  A  D  ([h:hyp  A]  El  h  a)  (El*  a)). 


N 


Nidi 

r,  A\  — y  Ac si 


r— ¥Ai  0  T,A1— >(Vx.Ax) 


-VR°> 


N2ai 

F  — y  Aa  i 
T  — >  (Vx.  Ax) 


-VRa' 


N  Nia 

T — >  Ai  0  T,Ai — >  Aa 


N2a 

r — ►  Aa 


car_f oralll :  ca  A  D  ([h:hyp  A]  foralll  T  (El  h)  H)  (foralll  T  El’  H) 
<-  ({hi}  ca  A  D  ( [h : hyp  A]  El  h  hi)  (El’  hi)). 


N 


Ni 

r,  (Vx.  Ax)  ,A2,At  — y  Ax 


F,  (Vx.  Ax) — y  A2  0  T,  (Vx.  Ax),  A2 — y  Ax 


-VI 


N2 

r,(V*.  Ax),  At  — >Ai 
r,  (Vx.  Ax)  — >  Ai 


N  Ni 

r,  (Vx.  Ax),  At — y  A2  0  r,  (Vx.  Ax),  At,  A2 — >  Ai 


N2 

r,  (Vx.  Ax),  At  — y  A 


car_existsr  :  ca  A  D  ([h:hyp  A]  existsr  T  (El  h))  (existsr  T  El’) 
<-  ca  A  D  El  El’. 


VI 
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Ni 

r,Ai  — >  At 
0  r,Ai — >•  (3 x.  Ax) 


■3  R 


N2 

r  — >  At 


(3x.  Ax) 


•3  R 


N 


Ni 


Ai  0  r,Ai 


■  At 


n2 


At 


car_existsl  :  ca  A  D  (fh:hyp  A]  existsl  (El  h)  H)  (existsl  El’  H) 
<-  ({a:i>  {hl:hyp  (B1  a)> 

ca  A  D  ([h:lxyp  A]  El  h  a  hi)  (El’  a  hi)). 


N 


Nidi 

Y,{3x.Ax),A2,Aax  — y  A\ 


r,  (3x.  Ax)  — >■  A2  0  r,  (3x.  Ax),A2  — >  Ai 


■3  La> 


N2ai 

T,  (3x.  Ax),  Aai  — y  A\ 
T,  (3x.  Ax)  — v  A\ 


•3 


N  Nia 

T,(3x.Ax),Aa — y  A2  0  r,  (3x.  Ax),  Aa,  A2 — y  Ai 


N2a 

F,  (3x.  Ax),  Aa  — y  Ax 


A. 2  Classical  Calculus 

We  list  the  cases  using  the  same  conventions  as  for  the  intuitionistic  calculus  above.  A  transfor¬ 
mation  now  has  the  form 

V  £  F 

r  — >  a,a  0  r,A— =>  r  — *•  a 

where  J~  may  refer  to  derivations  constructed  by  appeals  to  the  induction  hypothesis.  This  relation 
is  implemented  by  a  type  family 

ca’  :  {A:o>  (pos  A  ->  #)  ->  (neg  A  ->  #)  ->  #  ->  type. 

Initial  Conversions.  Here  either  T>  or  £  is  initial  with  the  cut  formula  A  as  the  principal  formula. 
Note  that  appeals  to  contraction  are  implicit  since  we  omit  proof  terms  in  this  presentation.  Recall  that 
contraction  does  not  change  the  structure  of  the  derivation  (only  the  proof  term  by  substituting  one  formula 
label  for  another). 


ca_axiom’l  :  ca’  A  ([p]  axiom’  N  p)  E  (E  N) . 


r,  a 


A,  A 


0 


N 

r,  a,  A  - 


N 


r,A 


a 


ca_axiom’r  :  ca’  AD  ( [n]  axiom’  n  P)  (D  P). 


r 


N 

A,  A,  A  0 


N 


A,  A 
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Essential  Conversions.  Here  the  cut  formula  A  is  the  principal  formula  of  the  last  inference  in  both 
V  and  £. 


ca_andl’  : 

ca’  (A  and  B)  ( Cp]  andr’  (D1  p)  (D2  p)  p)  ([n]  andll’  (El  n)  n)  F 

<-  (-Cpl:pos  A}  ca’  (A  and  B)  ( [p]  D1  p  pi)  ( [n]  andli’  (El  n)  n)  (Dl’  pi)) 
<-  ({nirneg  A} 

ca’  (A  and  B)  ( [p]  andr1  (Dl  p)  (D2  p)  p) 

([n]  El  n  nl)  (El’  ni)) 

<-  ca’  A  ([pi]  Dl’  pi)  ([nl]  El’  nl)  F. 


N3  N4 

T  — >  A,(AaAi),A  r— >Ai,(AAAi),A 

r  — >•  (A  A  A\),  A 

n2 

=>  r— >  a 


•A  R 


n5 

r,(A  A  Ai),A  — >  A 
0  r,  (A  A  A\)  — y  A 


•  ALi 


N3 


Ns 

T,  (A  A  Ax),  A  — ¥  A,  A 


r— )-(AaA1)1A>A  0  r,(AAA!)  — >A,A 


•  ALi 


N 

T  — y  A.  A 


N3  N4 

r,A— >  A,(AaAi),A  r,A— j-Ai,(AaAi),A 

r,A— >  (AaAi),A 

Ai 

==>  r,A — >  a 


A  R  N 5 

0  r,  A,  (A  A  Ai)  — >  A 


N  Ni  N2 

r— >a,a  0  r,A— >a  =>  r— 4A 
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STRUCTURAL  CUT  ELIMINATION 


ca_and2  ’  : 

ca’  (A  and  B)  ( [p]  andr’  (D1  p)  (D2  p)  p)  ( [n]  andl2’  (E2  n)  n)  F 

<-  ({p2 :pos  B>  ca*  (A  and  B)  ([p]  D2  p  p2)  ([n]  andl2>  (E2  n)  n)  (D2>  p2)) 
<-  (-[n2:neg  B> 

ca’  (A  and  B)  ( [p]  andr’  (D1  p)  (D2  p)  p) 

([n]  E2  n  n2)  (E2’  n2)) 

<-  ca’  B  ( [p2]  D2’  p2)  ( [n2]  E2’  n2)  F. 


7V3  TV4  TVs 

r  -^au{Ai  aa),a  r  — >  a,{a1  aa),a 

- - A  R  - : - - — A  Li 


r-^(AlAA),A 


0  r,  (Ai  A  A)  — y  A 


tv2 

r— a  a 


TV4 


TVs 

T,  (Ai  A  A),  A  — >  A,  A 


r  (Ai  A  A),  A,  A  0  r,  (Ai  A  A)  — )■  A,  A 


A  L2 


TV 

r— 4  a,a 


TVs  TV4 

r,A— 4  Ai,(Ai  A  A),  A  F,  A  — >  A,  (Ai  A  A),  A 

r,A— »(Ai  A  A),  A 


Ml  Ns 

0  r,  A,  (Ai  A  A)  — >  A 


TVi 

r,  a  — >  a 


TV  TVX  TV2 

r— » a,a  0  r,A— 4 a  =►  r— *a 
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ca_imp’  : 

ca’  (A  imp  B)  ( [p]  impr’  (Di  p)  p)  ([n]  impl’  (El  n)  (E2  n)  n)  F 

<-  (-[pl:pos  A>  ca’  (A  imp  B)  ( [p]  impr’  (Dl  p)  p)  ( [n]  El  n  pi)  (El*  pi)) 

<-  ({n2:neg  B>  ca’  (A  imp  B)  ( Cp]  impr’  (Dl  p)  p)  ([n]  E2  n  n2)  (E2’  n2)) 

<-  (-[nl:neg  A>  {p2:pos  B} 

ca’  (A  imp  B)  ( [p]  Dl  p  nl  p2)  ( [n]  impl’  (El  n)  (E2  n)  n) 

(Dl’  nl  p2) ) 

<-  (-Cp2:pos  B>  ca’  A  ([pi]  El’  pi)  ([nl]  Dl’  nl  p2)  (F2  p2)) 

<-  ca’  B  ( [p2]  F2  p2)  ( [n2]  E2’  n2)  F. 


T,Ai 


A5 

A,  (Aj.  D  A),  A 


(Ai  DA), A 
A2 

r — ►  a 


DR 


Ag 

r,(Ai  D  A)  — >  Ax,  A 


N7 

r,  (Ax  D  A),  A 


r,  (Ax  D  A)  — v  A 


O  L 


As 

r,Ai — >  A,  (Ax  D  A),  Ax,  A 

- dr  A6 

r  — >  (Ax  D  A),  Ax,  A  0  T,(AxDA)—>Ax,A 


N3 

r— >  Ai,A 


A5 

r,  A,  Ax  — >  A,  (Ax  D  A),  A 

- dr  A7 

T,A  — *{Ax  DA), A  0  T,A,  (Ai  D  A)  — *•  A 


Ai 

r,  a  — >  a 


A6  At 

r,Ai,(Ai  D  A)  —¥  Ax, A, A  T,  Ax,  (Ax  D  A),  A  — >  A,  A 

As  _ - - — — - - 

T,Ax  — >  (Ax  DA),  A,  A  0  T,Ax,(AxDA)—tA,  A 

A4 

=>■  r,Ai  — >  A,  A 


a3  a4  a 

r  — >  Ax, A,  A  0  T,Ax—>A,A  =>  T  — >  A,  A 


A  Nx  A2 

r  — *■  a, a  0  r, a  — > a  =*  r— >a 


DL 


42 


STRUCTURAL  CUT  ELIMINATION 


ca_orl’  : 

ca’  (A  or  B)  ( [p]  orrl’  (D1  p)  p)  ( [n]  orl’  (El  n)  (E2  n)  n)  F 

<-  ({nl:neg  A>  ca’  (A  or  B)  ([p]  orrl’  (D1  p)  p)  ( [n]  El  n  nl)  (El’  nl)) 
<-  ({pi :pos  A>  ca’  (A  or  B)  ( Cp]  D1  p  pi)  ( [n]  orl’  (El  n)  (E2  n)  n) 

(Dl’  pi)) 

<-  ca’  A  Di’  El’  F. 


N3 

r  — >  A,(AvAi),A 

- VRi 

T—>  (AVAi),A 

N2 

=$■  r  — >  a 
n3 

r,A— »A,(AvAi),A  ^  N ^  Ni 

r,A— >(AvAi),A  ®  r,  A,  (A  V  Ai)  — )•  A  =>  T,A—+A 


N4 

MAVAO.A 


N5 

r,  (A  V  Ai),  Ai 


0 


TJAVAi) 


■VI 


n3 

r  — ■>  (A  VAi),A,A  <g> 


N4  Ns 

r,  (A  V  Ai),  A  — »  A,  A  r,  (A  V  Ai),  Ai  — )■  A,  A 

T,  (A  V  Ai)  — y  A,  A 


VI 


N 

r — »  a,  a 


N  Nx 

r-^A,A  ®  r, a  — a 


n2 

r  — >•  a 
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ca_or2 ’  : 

ca’  (A  or  B)  ([p]  orr2’  (D2  p)  p)  (  [n]  orl’  (El  n)  (E2  n)  n)  F 

<-  ({n2:neg  B}  ca'  (A  or  B)  ([p]  orr2’  (D2  p)  p)  ( [n]  E2  n  n2)  (E2’  n2)) 
<-  ({p2:pos  B}  ca’  (A  or  B)  ([p]  D2  p  p2)  ( [n]  orl’  (El  n)  (E2  n)  n) 

(D2’  p2) ) 

<-  ca’  B  D2’  E2 ’  F. 


N3 

F  — A,  (Ai  V  A),  A 

- vr2 

r— >(AiVA),A 

Ni 

=>  r  — >  a 
n3 

T,A^A,(A1VA),A 

- Vi?2  N 5  Nl 

T,A— ->(AiVA),A  0  r,  A,  (Ai  V  A)  — v  A  =►  T,A—>  A 


N4 


n5 

r,(A!VA),A 


0 


r,  (Ai  V  A)  — )■  A 


■VI 


n3 

T  — >  (Ai  VA),A,A  0 
N 

=>  r— >a,a 


n4  n5 

r,  (A\  V  A),Ai  — *•  A,  A  r,  (Aj  V  A),  A  — >  A,  A 

.  r,  (A1VA)—^A,A 


■VI 


N  Ni  N2 

r— >  a,a  0  r,A  — *• a  =►  r  — *•  a 
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STRUCTURAL  CUT  ELIMINATION 


ca_not ’  : 

ca’  (not  A)  ( [p]  notr’  (D1  p)  p)  ( [n]  notl’  (El  n)  n)  F 

<-  ({pl:pos  A>  ca’  (not  A)  ( [pH  notr’  (D1  p)  p)  ( [n]  El  n  pi)  (El’  pi)) 
<-  ({nl:neg  A>  ca’  (not  A)  ([p]  D1  p  nl)  ([n]  notl’  (El  n)  n)  (Dl’  nl)) 
<-  ca’  A  El’  Dl’  F. 


N3 

T,  A  — ¥  ~,(A),  A 


->R 


N4 

I\  ->(A)  — ¥  A,  A 


I  (A),  A  0  I\-.(A)  — ►  A 


n2 

r  — ¥  A 


N3 

r,  A  — ¥  -■(A),  A,  A 


R 

(A),  A,  A  0  I\-n(A)— >A,A 


N 

r  — >  a,  a 


n3 


Na 

r ,  A,  -■(A)  ¥  A,  A 


r,  A — »-->(A),A  0  r,  A, ->(A) — ¥  A 


Ni 

r,  a  — >  a 


N  Ni 

r— >A,A  0  r,A  — > a 


n2 

r  — >  a 


ca_forall’  : 

ca’  (forall  A)  ( [p]  forallr’  (Dl  p)  p)  ([n]  foralll’  T  (El  n)  n)  F 

<-  ({nl}  ca’  (forall  A)  ( [p]  forallr’  (Dl  p)  p)  ( [n]  El  n  nl)  (El’  nl)) 

<-  ({pi}  ca’  (forall  A)  ([p]  Dl  p  T  pi)  ( Cn3  foralll’  T  (El  n)  n)  (Dl’  pi)) 
<-  ca’  (A  T)  Dl’  El’  F. 


N3a  N4 

r — ¥  Aa,(Vx.  Ax),  A  I\  (Vx.  Ax),  At — ¥  A 

- VRa  - — VL 

r — ¥  (Vx.  Ax),  A  0  r,  (Vx.  Ax) — ¥  A 


N3a 

r,  At  y  Aa,  (Vr.  Ax),  A  _  ^  ^ 

T,At — ¥  (Vx.  Ax),  A  0  r,  At,  (Vx.  Ax) — ¥  A  =>  T,At — ¥  A 


r 


N3t 

(Vx.  Ax),  At,  A 


0 


N4 

T,  (Vx.  Ax),  At — ¥  At,  A 

- -VL 

T,(Vx.  Ax)  — ¥  At,  A 


r 


0 
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ca_exists’  : 

ca’  (exists  A)  ( [p]  existsr’  T  (D1  p)  p)  ( [n]  existsl’  (El  n)  n)  F 

<-  ({nl>  ca’  (exists  A)  (Cp]  existsr’  T  (D1  p)  p)  ( [n]  El  n  T  nl)  (El’  ni)) 
<-  ({pl>  ca’  (exists  A)  ( Cp]  D1  p  pi)  ( [n]  existsl’  (El  n)  n)  (Dl’  pi)) 

<-  ca’  (A  T)  Dl’  El’  F. 


N3 

T  — y  At,  (3x.  Ax),  A 


-3R 


N4a 

T,  (Be.  Ax),  Aa  — y  A 


T — y  (3a;.  Ax),  A  0  r,(3x.Aar) — >  A 


•3  La 


N2 

T  — y  A 


N3 

T,At — y  At,(3x.  Ax),A 

- 3R  N4t 

T,  At — y  (3x.  Ax),  A  0  I\  At,  (3x.  Ax) — y  A 


Ni 

T.At  — y  A 


N3 


N4a 

T,  (3a;.  Ax),Aa  — y  At,  A 


T — y  (3a;.  Ax),  At,  A  0  T,(3a;.Aa;) — y  At,  A 


■3  La 


N 

T  — y  At,  A 


N  Ni  N2 

r — >  At,  A  0  T,At — y  A  =>  T — y  A 

Right  Commutative  Conversions.  Here  the  cut  formula  is  a  side  formula  of  the  last  inference  in  £ . 
car_axiom’  :  ca’  A  D  ([n]  axiom’  N  P)  (axiom’  N  P). 


N 


T,Ai — y  A, A\,A  0  r,Ai,A — yAi,A  =A  r,Ax — >-Aj,A 
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STRUCTURAL  CUT  ELIMINATION 


car_andr’  : 

ca’  AD  ([n]  andr’  (El  n)  (E2  n)  P)  (andr’  F1.F2  P) 
<-  ({pl:pos  Bl}  ca’  A  D  ([n]  El  n  pi)  (FI  pi)) 

<-  ({p2:pos  B2}  ca’  AD  ([n]  E2  n  p2)  (F2  p2)). 


N3 


Ni 


N 


T,A1  -^A2,(42AA),A  r,Aa  — >  A,(A2AA),A 


T — >  Ai,  (A2  A  A),  A  0 


T,A1-*{A2AA),A 


•A  R 


n4 


r  — y  A2,  (A2  A  A),  A 


n2 

r— 4A,(a2aa),a 


(a2  a  A),  a 


-A  R 


N  N3 

T  — )■  Ai,A2)(A2  A  A),  A  0  r,Aj  — »  A2)(A2  A  A),  A 


Na 

r  — a2  ,  (  a2  a  a)  ,  a 


N  Nx 

r— 4  Ai,A,(A2A  A),A  0  r,Aj  — >  A,(A2  A  A),  a 


n2 

r  — y  A,  (A2  A  A),  A 


car_andll’  : 

ca’  A  D  ([n]  andll’  (El  n)  N)  (andll’  FI  N) 

<-  (-[nl:neg  Bl}  ca’  A  D  ( [n]  El  n  ni)  (FI  ni)). 


N 


Nx 

F,  (A  A  A2),  Ai,  A  — >  A 


r,  (A  A  A2)  — y  Ax,  A  0  r,  (A  A  A2),  Ai  — y  A 


-ALi 


N2 

T,  (A  A  A2),  A  — y  A 
T,  (A  A  A2)  — >  A 


-  Ail 


TV  TVX 

r,(AAA2),A— ►Ai.A  0  r,  (A  A  A2),  A,Ai  — >  A 


N2 

T,  (A  A  A2),  A  — >  A 


car_andl2 ’  : 

ca’  AD  ([n]  andl2 ’  (E2  n)  N)  (andl2»  F2  N) 

<-  ({n2:neg  B2}  ca’  A  D  ( [n]  E2  n  n2)  (F2  n2)). 


N 


Nx 

T,  (A2  A  A),  Ai,  A  — y  A 


A  L2 


r,  (A2  A  A) — yAx,A  0  r,  (A2AA),Ai — y  A 


n2 

r,  (A2  A  A),  a  — >  A 
T,  (A2  a  A)  — y  A 


-  A L2 


N  Nx 

r,  (A2  A  A),  A  — y  Ax,  A  0  r,  (A2  A  A),  A,  Ai  — y  A 


n2 

T,  (A2  A  A),  A  — y  A 
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car _ impr’  : 

ca’  AD  ([n]  impr’  (El  n)  P)  (impr’  FI  P) 

<-  ({nl:neg  Bl>  {p2:pos  B2> 

ca’  AD  ([n]  El  n  nl  p2)  (FI  nl  p2)). 

Aj  N2 

T,A2,A  — >Ai,(AdAi),A  r,A— >Ai,(AdAi),A 

N  - - Di? 

r  — > a2,(ad Ai), a  0  r\A2— kada^.a  =>  r— ►(adao.a 


A 


T,A — >  A2,  Ai,  (A  D  Ai),  A  0  r,A,A2 


A, 

A1,(ADA1),A 


a2 

r,A— >Au{ADAi),A 


car_impl ’  : 

ca ’  AD  ([n]  impl’  (El  n)  (E2  n)  N)  (impl’  FI  F2  N) 
<-  ({pl:pos  Bl}  ca’  A  D  ( [n]  El  n  pi)  (FI  pi)) 

<-  (-(n2:neg  B2}  ca’  A  D  ( [n]  E2  n  n2)  (F2  n2)). 


A 


A3 

r,(A2DA),Ai—>A2,A 


Ni 

T,(A2dA),AuA 


T,  (A2  D  A)  — >  Ai,  A  0 

y4 


r,  {a2  d  a),  Ai 


O  L 


r,  (a2  d  a)  — >  a2,a 


n2 

r ,  (a2  d  a),  a 


T,  (As  D  A) 


■dl 


A  A3 

r,  (A2  D  A)  — y  Ai ,  A2,  A  0  r,(A2D  A),Ai  — ►  A2,A 


a4 

r,  (A2  D  A)  — >■  A2,  A 


A  Aj 

r,  (A2  d  A),  A  — >  Ai,  A  0  r,(A2DA),A,Ai  — »  A 


a2 

r,(A2  3  A),  A  — >  A 


car_orrl ’  : 

ca’  AD  ([n]  orrl’  (El  n)  : 
<-  ({pl:pos  Bl>  ca’  A  D 


A 

r  — >  a1,(ava2),a  0 


)  (orrl’  FI  P) 

([n]  El  n  pi)  (FI  pi)). 

Ni 

T,Ai  — ►  A,(AVA2),A 

- Vi?! 

r,  Ai  — »  (A  V  A2),  A 


A2 

r  — >  A,(A  va2),a 

- Vi?i 

r  — »  (A  V  A2),  A 


A 

Ai,A,(AvA2),A 


Ai 

r,Ai  — >a,(ava2),a  =► 


r 


a2 

r-^A,(AYA2),A 
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STRUCTURAL  CUT  ELIMINATION 


car_orr2’  : 

ca’  AD  ([n]  orr2’  (E2  n)  P)  (orr2’  F2  P) 

<-  ({p2:pos  B2}  ca’  AD  ( [n]  E2  n  p2)  (F2  p2)), 


TV 


Ai 

r,Ai  — »•  A,(A2  VA),A 


r — >a1,(a2va),a  0  r,Ai — >(a2va), a 


VR2 


n2 

r  — *  A,  (As  VA),A 
r  — >  (a2va),  a 


■vr2 


TV  Ai 

r — >•  AltA,{A2  V  A),  A  0  r,Ai — >■  A,  (A2  V  A),  A 


N2 

r— >a,(a2va),a 


car_orl ’  : 

ca’  AD  ([n]  orl’  (El  n)  (E2  n)  N)  (orl’  FI  F2  N) 
<-  (-[nl:neg  Bl>  ca’  A  D  ( [n]  El  n  nl)  (FI  ni)) 
<-  (-Cn2:neg  B2}  ca’  AD  ( [n]  E2  n  n2)  (F2  n2)). 


TV 


N3  Ai 

r,  (A2  V  A),Ai,A2  — >  A  T,(A2V  A),Ai,A 


■ML 


r,(A2vA) — >AUA  0 
N4 


T,  (A2  V  A),  Ai  — >  A 


r,  (a2  v  a),a2  — >  a 


n2 

r,  (A2  V  A),  A  — >  A 


■ML 


I\(A2VA) 


TV  N3 

r\(A2VA),A2  — +  Ai,A  0  r,  (A2  V  A),A2,Ai  >  a  =►  r,  (A2  V  A),  A2  >  A 

TV  Ni  N2 

T,{A2M  A),A— 4  Ai,A  0  r ,  ( A2  M  A),  A,  A\  — >  A  =►  T,  (A2  V  A),  A  >  A 


car_notr’  : 

ca’  AD  ([n]  notr’  (El  n)  P)  (notr’  FI  P) 

<-  (-Cnl:neg  Bl>  ca’  A  D  ( [n]  El  n  nl)  (FI  nl)). 

Ni 

Ar  r,  A1;  A  >  ->(A),  A 

TV  - - - >R 

r— 4Ai,-i(A),A  0  T,  Ai  — >  “'(A),  A 

TV  Ni  N2 

r,A  — >  A!,->(A),A  0  r.A.Ai  — >--(A),A  =»  r,A — ^->(A),A 


n2 


r,A 


’(A),  A 


1(A),  A 


-i? 
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car.notl ’  : 

ca’  AD  ([n]  notl’  (El  n)  N)  (notl1  FI  N) 

<-  ({pl:pos  Bl>  ca’  A  D  ([n]  El  n  pi)  (FI  pi)). 


N 


Nt 

r,-.(A),Ai  - 


A,  A 


r, -,(A)  — ¥  Ai,  A  0  r,-,(A),A1 


n2 

r >  “’(A)  — >  A,  A 
- 1 L 

r,-’(A)  — ¥  a 


N  Ni 

r,-.(A)  — >AUA,A  0  r,-(A),Ai- 


n2 

A,  A  =>  r,-.(A)— >A,A 


car .truer’  : 

ca’  AD  ([n]  truer’  P)  (truer’  P) . 


r 


N  - T  R 

A,  T,  A  0  r,  A  — >•  T ,  A 


T,  A 


T  R 


car.falsel’  : 

ca’  AD  ([n]  falsel’  N)  (falsel’  N) . 


N  _ 

r,± — > a, a  0  r,±,A' 


■LL 


r,-L 


■LL 


car.f orallr  ’  : 

ca’  A  D  ([n]  forallr’  (El  n)  P)  (forallr’  FI  P) 
<-  (-Ca:i>  {pl:pos  (B1  a)> 

ca’  AD  ([n]  El  n  a  pi)  (FI  a  pi)). 


N 


Nia\ 

T,  Ai  — >  Aai,  (Vr.  Ax),  A 


T — ¥  Ai,  (Vx.  Ax),  A  0  r,Ai — ¥  (Vx.  Ax),  A 


-VRai 


N2ai 

T  — ¥  Aai,  (Vx.  Ax),  A 
T  — ¥  (Vx.  Ax),  A 


N  Nia 

T — >•  Ai,Aa,  (Vx.  Ax),  A  0  T,  Ax — ¥  Aa,  (Vx.  Ax),  A 


N2a 

T  — ¥  Aa,  (Vx.  Ax),  A 


car.foralll’  : 

ca’  AD  ([n]  foralll’  T  (El  n)  N)  (foralll’  T  FI  N) 
<-  ({nl}  ca’  A  D  ( (n]  El  n  nl)  (FI  ni)). 


VRai 
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STRUCTURAL  CUT  ELIMINATION 


N 


F,  (Vx.  Ax) 


Ax, A 


<8> 


N! 

T,(\/x.Ax),A1,At—yA 

- VL 

r,(Vx.  Ax),A1  — y  A 


n2 

T,  (Vx.  Ax),  At  — y  A 

- VL 

r,  (Vx.  Ax)  — *  A 


N 

r,  (Vx.  Ax),  At 


Ai,  A  0 


Ni 

T,  (Vx.  Ax),  At,  Ai 


n2 

r,  (Vx.  Ax),  At 


car_existsr’  : 

ca’  AD  ([n]  existsr’  T  (El  n)  P)  (existsr’  T  FI  P) 
<-  ({pi}  ca’  A  D  ([n]  El  n  pi)  (FI  pi)). 


N 


Ni 

T,  Ai  — >  At,  (3x.  Ax),  A 


T — y  Ai,  (3x.  Ax),  A  0  I\Ai — >(3x.Ax),A 


-3R 


N2 

T  — y  At,  (3x.  Ax),  A 
F  — y  (3x.  Ax),  A 


-3  R 


N  Nx 

T — y  Ax,At,{3x.  Ax),  A  0  F,  Ai  — >  At,  (3x.  Ax),  A 


N2 

T  — y  At,  (3x.  Ax),  A 


car_existsl’  : 

ca’  AD  ([n]  existsl’  (El  n)  N)  (exists!. '  FI  N) 
<-  ({a:i>  {nl:neg  (B1  a)} 

ca’  AD  ([n]  El  n  a  nl)  (FI  a  nl)). 


N 

T,  (3x.  Ax)  - 


Nidi 

T,  (3x.  Ax),  Ai,  Aaj 
Ai,  A  0  T,  (3x.  Ax),  Ai — 


■3Lai 


N2a\ 

T,  (3x.  Ax),  Aa\  — y  A 

- 3£«i 

T,  (3x.  Ax)  — y  A 


TV  JVia  N2a 

T,(3x.  Ax),  Aa — y  A\,  A  0  T,  (3x.  Ax),  Aa,  Ax — y  A  =>  T,  (3x.Ax),Aa — 5- A 

Left  Commutative  Conversions.  Here  the  cut  formula  A  is  a  side  formula  of  the  last  inference  in 
V. 


cal_axiomJ  :  ca’  A  ( [p]  axiom’  N  P)  E  (axiom’  N  P). 


N 


f,  Ai  — y  A,  Ai,  A  0  r,A!,A— yAuA 


I 


A  DETAILED  ADMISSIBILITY  PROOFS  FOR  CUT 
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cal_andr ’  : 

ca’  A  ( [p]  andr’  (D1  p)  (D2  p)  P)  E  (andr’  FI  F2  P) 
<-  ({pl:pos  Bl>  ca’  A  ( [p]  D1  p  pi)  E  (Fi  pi)) 

<-  ({p2:pos  B2l  ca’  A  ( [p]  D2  p  p2)  E  (F2  p2)). 


N3  N 

As,  Ai,  (As  A  A),  A  V — y  A,  Ai,  (As  A  A),  A 

r— 4  Ai,(A2AA),A 


•A  R 


0>  T,Ai 


Nx 

>  (As  A  A),  A 


N4  n2 

r  — y  A2,  (A2  A  A),  A  r  — ->  A,  (As  A  A),  A 

r  —4  (As  A  A),  A 


A  R 


Ns  Nx  N4 

r— 4A1,A2,(A2AA),A  0  T,Ax  -4  As,(A2AA),A  =>  As, (As  A  A),  A 


N  Nx  Ns 

r  — >  Ax ,  A,  (A2  A  A),  A  0  I\  Ax  — ^  A,  (As  A  A),  A  — >  T  y  A,  (As  A  A),  A 


cal_andll’  : 

ca’  A  ( Cp]  andl i ’  (D1  p)  N)  E  (andll’  FI  N) 

<-  ({nl:neg  Bl>  ca’  A  ( Cp]  D1  p  nl)  E  (FI  nl)). 


N 

T,  (A  A  As),  A — »Ai,A 

- Mx  yVl 

r,  (A  A  As)  — >  Ax,  A  0  r,  (A  A  A2),Ax  — >  A 


Ns 

T,(AAAs),A— y  A 

- - -  ALx 

r,  (A  A  As)  — >  A 


N 

T,  (A  A  As),  A 


Ax, A  0 


Nx 

T,  (A  A  As),  A,  Ax 


Ns 

T,  (A  A  As),  A 


cal_andl2 ’  : 

ca’  A  ([p]  andl2 ’  (D2  p)  N)  E  (andl2’  F2  N) 

<-  ({n2:neg  B2>  ca’  A  ( Cp]  D2  p  n2)  E  (F2  n2)). 


N 

T,(A2AA),A — >Ai,A 

- — - ALs  ^ 

r,  (As  A  A)  — y  Ax ,  A  0  r ,  (As  A  A) ,  Ai  — y  A 


Ns 

T,  (As  A  A),  A  — y  A 
T,  (As  A  A)  —4  A 


■  AL2 


N  Nx 

r,  (As  A  A),  A  — y  Ax ,  A  0  r,  (A2  A  A),  A,Ai  — 4  A 


N2 

T,  (A2  a  A),  A  — y  A 
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cal_impr’  : 

ca’  A  ( Cp]  impr *  (D1  p)  P)  E  (impr’  FI  P) 

<-  ({nl  :neg  Bl>  {p2:pos  B2> 

ca’  A  (Cp]  D1  p  nl  p2)  E  (Fi  nl  p2)). 


N 

r ,A — ¥  Ai,  A2,  (A  D  Aj),  A 

- —  dr 

r  — ¥  A2,  ( A  D  Ax),  A  0  r,  A2  ¥  (A  D  Ai),  A 


n2 

r,A— ¥Ax,(ADAi),A 
r  — >  (A  D  Ai),  A 


■JR 


N  Nx 

r,  A  — ¥  A2,  Ai,  (A  D  Ai),  A  0  T,  A,  A2  — ¥  A1;  (A  D  Ax),  A 


N2 

T,A^  Ax, {AD  Ax), A 


cal_impl ’  : 

ca’  A  ( Cp]  impl ’  (Di  p)  (D2  p)  N)  E  (impl’  FI  F2  N) 
<-  ({pl:pos  Bl>  ca’  A  (Cp]  Dl  p  pi)  E  (FI  pi)) 

<-  ({n2:neg  B2}  ca’  A  ( Cp]  D2  p  n2)  E  (F2  n2)). 


N3  N 

r)(A2  DA)  — ¥  A2jAi,A  r,(A23  A),A— »Ax,A 

~  r,  (A2  d  A)  — >  Ai,  A 


DL 


<0 


Nx 

r,{A2DA),Ax—¥A 


a4  a2 

r,  (a2  d  a)  — ¥  a2,  a  r,(A2  dA),a  — *  a 

r,  (a2  d  a)  — >  A 


Di 


N3  Nx  Na 

r,  (a2  d  a) — ¥  A\ ,  a2,  a  0  r,  (a2  d  a),Ai — >-a2,a  =>  t,{a2dA) — >a2,a 


TV  (Vi  N2 

r,  (A2  D  A),  A — >Ai,A  0  r,(A2  dA),A,Ai — A  =>  r,  (A2dA),A — >  A 


cal_orrl’  : 

ca’  A  (Cp]  orrl ’  (Dl  p)  P)  E  (orrl’  FI  P) 

<-  ({pi :pos  Bl>  ca’  A  ( Cp]  Dl  p  pi)  E  (FI  pi)). 


N 

r— *-a,Ai,(ava2),a 

- -VRx 

r  — >  Ai,(ava2),a  0 


r.Ax 


Nx 

(A  V  A2),  A 


n2 

V  — »  A,(AVA2),A 
- VRi 

r  — (A  v  a2),  a 


Ai 


N 

A,  (A  V  A2),  A 


0  r,  Ai 


Nx 

■  A,(AVA2),  A 


n2 

A,  (A  V  A2),  A 


A  DETAILED  ADMISSIBILITY  PROOFS  FOR  CUT 
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cal_orr2  ’  : 

ca’  A  ( Cp]  orr2’  (D2  p)  P)  E  (orr2’  F2  P) 

<-  ({p2:pos  B2>  ca’  A  C Cp]  D2  p  p2)  E  (F2  p2)). 


A 

r  — >  A,Ai,  (A2  V  A),  A 

- VR2 

r— +  Ai,(a2va),a  0 


r.Aj 


Yi 

•  (A2VA),A 


a2 

r— ►  a,(a2  va),a 

- Vi?2 

r— >  (a2  va),a 


A  Ni 

Ai,A,(A2VA),A  0  r,Ai  — >  A,(A2VA),A 


a2 

A,  (A2  V  A),  A 


cal_orl ’  : 

ca’  A  ([p]  orl’  (D1  p)  (D2  p)  N) 
<-  ({ni:neg  Bl>  ca’  A  ( Cp]  D1 
<-  ({n2:neg  B2}  ca’  A  (Cp]  D2 


E  (orl’  FI  F2  N) 
p  nl)  E  (FI  nl)) 
p  n2)  E  (F2  n2) ) . 


n3  n 

I\(A2VA),A2  — »Ai,A  L,  (A2  V  A),  A  — )•  Ai,  A 


r,(A2  VA)  — ►  Ai,A 


VL 


Ni 

r,  (A2  V  A),  A\ 


A 


a4  n2 

r,  (A2  V  A),  A2  — >  A  F,(A2VA),A— *a 

r,  (A2  V  A)  — >  A 


VL 


A3  Ai  A4 

r,  (A2VA),A2 — >Ai,A  0  r,(A2  VA),A2,Ai — )■  A  ==»  r,  (A2VA),A2 — s-A 


A  Ai  A2 

r,(A2VA),A— 4Ai,A  0  r,  (A2  V  A),  A,  A4  — A  =»  r,  (A2  V  A),  A  — >•  A 


cal_notr’  : 

ca’  A  (Cp]  notr’  (D1  p)  P)  E  (notr’  FI  P) 

<-  ({nlineg  Bl>  ca’  A  (Cp]  D1  p  nl)  E  (FI  nl)). 

A 

r,A— >Aj,-.(A),A 

- ,R  N 1 

r— >Ai,-.(A),A  0  r,A!— ■>  -.(A),  A 


a2 


r,  A  — >  -i(A),  A 
r— +n(A),A 


r,A 


A 

^1)' 


Ai 


a2 


’(A),  A  0  r,  A,  Ai 


.(A),  A 


r,A 


'’(A),  A 
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caljnotl  ’  : 

ca>  A  CCp]  notl ’  (Di  p)  N)  E  (notl’  FI  N) 

<-  (-[pl:pos  Bl>  ca’  A  ( [p]  Dl  p  pi)  E  (FI  pi)). 

N  N2 

r,  ->(A)  — *  A,  At,  A  AT  r,-(A)— >A,A 

r,i(i4) — *■  Ai,  A  0  r,-.(A),Ai — >A  =>  I\->(A) — ¥  A 

N  Nx  N2 

r,-.(A) — ►  Ai.A.A  0  r,  -i(A),  Ai  — ¥  A,  A  =»  r,->(A)  ¥  A,  A 


cal_truer’  : 

ca’  A  ([p]  truer’  P)  E  (truer’  P) . 

- T  R  N  - -T  R 

r  — >  a,t,a  0  r,  A  — ¥  T,  A  =*•  r  — >  T,A 


cal_falsel’  : 

ca’  A  ([p]  falsel ’  N)  E  (falsel’  N) . 


r,x 


A,  A 


■JlL 


0 


N 

r,  jl,  a  - 


1 L 


cal_forallr’  : 

ca’  A  ([p]  forallr ’  (Dl  p)  P)  E  (forallr’  FI  P) 
<-  ({a:i>  {pl:pos  (B1  a)} 

ca’  A  ([p]  Dl  p  a  pi)  E  (FI  a  pi)). 


Na  i 

r — ¥  Aai,  Alt  (Vx.  Ax),  A 

- VRai  7Vl 

r — ¥  Ai,(V*.  Ax),  A  0  r,Ai — >(Vx.Ax),A 


N2a\ 

F  — ¥  Aa x ,  (Vx.  Ax),  A 


T  — >  (Vx.  Ax),  A 


Na 

■  Ax,  Aa,  (Vx.  Ax),  A 


r.  a  i 


Nx 


N2a 

Aa,  (Vx.  Ax),  A 


cal_foralll’  : 

ca’  A  ([p]  f oralll ’  T  (Dl  p)  N)  E  (foralll’  T  FI  N) 
<-  ({nl>  ca’  A  (Cp]  Dl  p  nl)  E  (FI  nl)). 


VRfll 
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N 

T,{Vx.Ax)1At—>A1,A 

- ML 

r,  (Vx.  Ax)  — y  Ai,  A  0  r,  (Vx.  Ax),  Ai  — y  A 


n2 

T,  (Vx.  Ax),  At  — y  A 
T,  (Vx.  Ax)  — y  A 


■ML 


N  Ni 

r,  (Vx.  Ax),  At — >■  Ai,  A  0  r,  (Vx.  Ax),  At,  Ai — y  A 


N2 

r,  (Vx.  Ax),  At — y  A 


cal_existsr’  : 

ca’  A  ([p]  existsr’  T  (D1  p)  P)  E  (existsr’  T  Fi  P) 
<-  «pl>  ca’  A  ([p]  Di  p  pi)  E  (FI  pi)). 


N 

r — >■  ALAi,(3x.  Ax),  A 

- Ai 

r — )■  Ai,(3x.  Ax),  A  0  r,Ai — >  (3x.  Ax),  A 


N2 

F  — y  At,  (3x.  Ax),  A 

- 

T  — >-(3x.  Ax),  A 


N 

T — y  Ai,  At,  (3x.  Ax),  A  0  T,Ai 


Ai 

At,  (3x.  Ax),  A 


N2 

■  At,  (3x.  Ax),  A 


cal_existsl’  : 

ca’  A  ([p]  existsl ’  (Dl  p)  N)  E  (existsl’  FI  N) 
<-  ({a:i>  {nl:neg  (B1  a)> 

ca’  A  (tp]  Dl  p  a  nl)  E  (FI  a  ni)). 


Nai 

r,  (3x.  Ax),  Aai — >■  Ai,  A 

- 3La' 

r,(3x.  Ax)  —¥  Ai,A  0  r,  (3x.  Ax),Ai  — )■  A 


N2a\ 

T,  (3x.  Ax),  Aai  — >  A 
T,  (3x.  Ax)  — y  A 


-3  L01 


Na  Ni 

r,(3x.  Ax),  Aa — )-Ai,A  0  T,  (3x.  Ax),  Aa,  Ai — y  A 


N2a 

T,  (3x.  Ax),  Aa  — y  A 


B  Cut  Elimination 

In  this  appendix  we  define  intuitionistic  and  classical  sequent  calculi  with  a  primitive  rule  of  cut  and 
show  that  they  can  be  translated  to  cut-free  derivations.  In  both  cases  the  proof  is  a  straightforward 
induction  on  the  structure  of  derivations,  taking  advantage  of  admissibility  of  cut  in  the  cut-free 
system. 
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B.l  Intuitionistic  Calculus 

We  use  T  — >4.  C  for  sequents  in  the  system  G3  with  cut  which  is  obtained  by  adding 

r— i+A  r,A— 

- - - Cut 

r^+c 

to  the  rules  of  the  cut-free  system  G3.  With  proof  terms  this  rule  reads 

T-^+d:A  T,h:A—++e:C 

- 1 - - - Cut. 

T  — >+  cut  d  (A h:A.  e)  :  C 

In  order  to  represent  derivations  in  G3  we  introduce  another  judgment,  cone*  A,  rename  all 
the  rules  for  the  cut-free  calculus  and  add 

cut*  :  {A:o}  cone*  A 

->  (hyp  A  ->  cone*  C) 

->  cone*  C. 

The  complete  implementation  is  given  below.  Note  that  we  do  not  need  to  rename  the  hypothesis 
judgment  hyp,  since  hypothesis  play  the  same  role  in  both  systems.  The  main  lemmas  concerning 
G3  such  as  weakening,  contraction,  substitution,  and  the  adequacy  of  the  encoding  follow  as  before. 

cone*  :  o  ->  type. 

cut*  :  {A:o}  cone*  A 

->  (hyp  A  ->  cone*  C) 

->  cone*  C. 

axiom*  :  (hyp  A  ->  cone*  A) . 

andr*  :  cone*  A 

->  cone*  B 
->  cone*  (A  and  B) . 

andll*  :  (hyp  A  ->  cone*  C) 

->  (hyp  (A  and  B)  ->  cone*  C) . 

andl2*  :  (hyp  B  ->  cone*  C) 

->  (hyp  (A  and  B)  ->  cone*  C) . 

impr*  :  (hyp  A  ->  cone*  B) 

->  cone*  (A  imp  B). 

impl*  :  cone*  A 

->  (hyp  B  ->  cone*  C) 

->  (hyp  (A  imp  B)  ->  cone*  C) . 

orrl*  :  cone*  A 

->  cone*  (A  or  B). 


B  CUT  ELIMINATION 
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orr2*  :  cone*  B 

->  cone*  (A  or  B). 

orl*  :  (hyp  A  ->  cone*  C) 

->  (hyp  B  ->  cone*  C) 

->  (hyp  (A  or  B)  ->  cone*  C) . 

notr*  :  ({p:o>  hyp  A  ->  cone*  p) 

->  cone*  (not  A) . 

notl*  :  cone*  A 

->  (hyp  (not  A)  ->  cone*  C) . 

truer*  :  cone*  (true) . 

f alsel*  :  (hyp  (false)  ->  cone*  C) . 

forallr*  :  ({a:i>  cone*  (A  a)) 

->  cone*  (f orall  A) . 

foralll*  :  {T:i>  (hyp  (A  T)  ->  cone*  C) 

->  (hyp  (f orall  A)  ->  cone*  C). 

existsr*  :  {T:i>  cone*  (A  T) 

->  cone*  (exists  A) . 

existsl*  :  ({a:i>  hyp  (A  a)  ->  cone*  C) 

->  (hyp  (exists  A)  ->  cone*  C). 

The  theorem  of  cut  elimination  explicitly  relates  derivations  in  G3  to  G3. 

Theorem  8  (Cut  Elimination)  If  V*  ::  (r  — >+  d*  :  C)  is  a  derivation  in  G3  then  there  exists 
a  cut-free  derivation  V  ::  (r  — ¥  d  :  C )  in  G3. 

Proof:  By  structural  induction  on  d.  When  the  last  inference  R  is  not  a  cut  we  appeal  to  the 
induction  hypothesis  on  the  premise(s)  of  the  last  inference  and  combine  the  resulting  cut-free 
derivation  (s)  with  R.  If  the  last  inference  is  a  cut  we  generate  cut-free  derivations  of  the  premises 
by  induction  hypothesis  and  then  use  admissibility  of  cut  to  obtain  a  cut-free  derivation  for  the 
conclusion.  n 

This  proof  is  implemented  by  a  relation  between  sequent  derivations  in  the  system  with  cut  and 
sequent  derivations  in  the  system  without  cut.  We  use  the  convention  that  variables  whose  name 
ends  in  a  star  (*)  represent  derivations  that  may  contain  cut. 

ce  :  cone*  C  ->  cone  C  ->  type. 

ce_cut  :  ce  (cut*  A  Dl*  D2*)  D 
<-  ce  Dl*  Dl 

<-  ({hi: hyp  A}  ce  (D2*  hi)  (D2  hi)) 

<-  ca  A  Dl  D2  D. 
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ce_axiom  : 

ce  (axiom*  H)  (axiom  H) . 

ce_andr  : 

ce  (andr*  Di*  D2*)  (audr  Di  D2) 

<-  ce  DI*  DI 

<-  ce  D2*  D2 . 

ce_andl 1  : 

ce  (andll*  DI*  H)  (andll  DI  H) 

<-  ({hl:hyp  A>  ce  (Di*  hi)  (Di  hi)). 

ce_andl2  : 

ce  (andl2*  D2*  H)  (andl2  D2  H) 

<-  ({h2:hyp  B>  ce  (D2*  h2)  (D2  h2)). 

ce_impr  : 

ce  (impr*  Di*)  (impr  DI) 

<-  (-(hi: hyp  A>  ce  (Di*  hi)  (DI  hi)). 

ce_impl  : 

ce  (impl*  Di*  D2*  H)  (impl  DI  D2  H) 

<-  ce  Di*  Di 

<-  ({h2:hyp  B>  ce  (D2*  h2)  (D2  h2)). 

ce_orrl  : 

ce  (orri*  Di*)  (orrl  Di) 

<-  ce  DI*  DI. 

ce_orr2  : 

ce  (orr2*  D2*)  (orr2  D2) 

<-  ce  D2*  D2. 

ce_orl  : 

ce  (orl*  Di*  D2*  H)  (orl  Di  D2  H) 

<-  ({hl:hyp  A}  ce  (DI*  hi)  (Di  hi)) 

<-  ({h2:hyp  B>  ce  (D2*  h2)  (D2  h2)). 

ce_notr  : 

ce  (notr*  Di*)  (notr  Di) 

<-  ({p:o>  {hi: hyp  A>  ce  (Di*  p  hi)  (Di  p 

hi)). 

ce_notl  : 

ce  (notl*  DI*  H)  (notl  Di  H) 

<-  ce  Di*  Di. 

ce_truer  : 

ce  (truer*)  (truer). 

ce_falsel  : 

ce  (falsel*  H)  (falsel  H) . 

ce_f orallr 

:  ce  (forallr*  DI*)  (forallr  Di) 

<-  {a:i>  ce  (Di*  a)  (Di  a). 

ce_f oralll 

:  ce  (foralll*  T  Di*  H)  (foralll  T  DI  H) 

<-  ({hi}  ce  (Di*  hi)  (Di  hi)). 

ce_existsr 

:  ce  (existsr*  T  Di*)  (existsr  T  Di) 

<-  ce  Di*  DI. 

ce_existsl 

:  ce  (existsl*  DI*  H)  (existsl  DI  H) 

<-  ({a:i>  {hl:hyp  (A1  a)}  ce  (DI*  a  hi) 

(Di  a  hi)). 

B  CUT  ELIMINATION 
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B.2  Classical  Calculus 


We  write  T  — >+  A  for  a  sequent  in  the  classical  system  with  cut  as  a  primitive  rule  of  inference. 
It  is  obtained  by  adding 

p _ ^  A  A  r  A _ ^  A 


r  — >+  a 

to  the  other  rules  of  inference.  With  proof  terms  we  have 


■Cut 


r  -=4+  p:A,  A  r,  n:A  -4+  A 

p  cut  (\p:A.  d)^{Xn:A.  e)  ^ 


Cut 


This  system  continues  to  satisfy  weakening,  contraction,  and  substitution  lemmas.  The  sig¬ 
nature  below  specifies  an  adequate  encoding  of  this  extended  calculus  in  LF.  We  need  a  new 
judgment  <3  that  replaces  #  as  the  type  of  proof  terms  in  the  representation.  We  systematically 
copy  all  declarations  from  the  cut-free  system  (appending  ~  to  their  name)  and  add  the  cut  rule  as 


cut". 

C  :  type. 

cut"  : 

(pos  A  ->  0) 

->  (neg  A  ->  C) 

->  «. 

axiom" 

:  (neg  A  ->  pos  A  ->  C) . 

andr" 

:  (pos  A  ->  0) 

->  (pos  B  ->  C) 

->  (pos  (A  and  B)  ->  C) . 

andll" 

:  (neg  A  ->  C) 

->  (neg  (A  and  B)  ->  C) . 

andl2" 

:  (neg  B  ->  ®) 

->  (neg  (A  and  B)  ->  C). 

impr" 

:  (neg  A  ->  pos  B  ->  C) 

->  (pos  (A  imp  B)  ->  6). 

impl" 

:  (pos  A  ->  0) 

->  (neg  B  ->  C) 

->  (neg  (A  imp  B)  ->  C) . 

orrl" 

:  (pos  A  ->  C) 

->  (pos  (A  or  B)  ->  ®) . 

orr2“ 

:  (pos  B  ->  ®) 

->  (pos  (A  or  B)  ->  fi) . 

orl" 

:  (neg  A  ->  C) 
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->  (neg  B  ->  G) 

->  (neg  (A  or  B)  ->  C) . 

notr"  :  (neg  A  ->  6) 

->  (pos  (not  A)  ->  C) . 

notl"  :  (pos  A  ->  G) 

->  (neg  (not  A)  ->  C) . 

truer"  :  (pos  (true)  ->  C) . 


falsel"  :  (neg  (false)  ->  C) . 


forallr"  :  ({a:i>  pos  (A  a)  ->  C) 

->  (pos  (forall  A)  ->  fl). 

foralll"  :  {T:i>  (neg  (A  T)  ->  C) 

->  (neg  (forall  A)  ->  0) . 

existsr"  :  {T:i>  (pos  (A  T)  ->  C) 

->  (pos  (exists  A)  ->  0). 


existsi" 


({a:i>  neg  (A  a)  ->  C) 

->  (neg  (exists  A)  ->  G) . 


Cut  elimination  follows  by  a  simple  structural  induction  from  the  admissibility  of  cut  in  the 
cut-free  system.  We  present  here  only  the  Elf  code  implementing  this  proof. 


Theorem  9  (Classical  Cut  Elimination)  Let  V  ::  (r  —)■+ 
possibly  containing  cut.  Then  there  exists  a  cut-free  derivation 


A)  be  a  classical  sequent  derivation 

V  ::  (T  -A  A) 


Proof:  By  structural  induction  on  d.  For  each  inference  rule  except  cut  we  apply  the  induction 
hypothesis  to  the  premises  and  then  reconstruct  a  cut-free  derivation  with  the  same  inference  rule. 
In  the  case  of  cut,  we  appeal  to  the  induction  hypothesis  and  then  to  admissibility  of  cut  on  the 
resulting  two  cut-free  derivations.  D 


This  proof  is  implementated  as  a  type  family  relating  derivations  with  cut  to  cut-free  derivations. 
Note  how  the  appeal  to  admissibility  in  the  case  of  a  cut  is  implemented  as  a  call  to  ca’. 


ce’  :  0  ->  #  ->  type. 

ce_cut’  :  ce’  (cut"  D  E)  F 

<-  ({p:pos  A>  ce’  (D  p)  (D’  p)) 
<-  ({n:neg  A>  ce’  (E  n)  (E’  n)) 
<-  ca’  A  D’  E’  F. 


ce_axiom’ :  ce’  (axiom"  N  P)  (axiom’  N  P) . 

ce_andr’  :  ce’  (andr“  D1  D2  P)  (andr’  Dl’  D2’  P) 
<-  (fpi>  ce’  (Di  pi)  (Dl’  pi)) 
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<-  ({p2>  ce’  (D2  p2)  (D2»  p2)). 

ce.andll’:  ce’  (andll*  N1  N)  (andll’  Nl’  N) 

<-  ({nil  ce'  (Nl  nl)  (Nl’  nl)). 

ce_andl2 ’ :  ce'  (andl2*  N2  N)  (andl2’  N2’  N) 

<-  ({n2}  ce’  (N2  n2)  (N2’  n2)). 

ce_impr’  :  ce'  (impr*  D1  P)  (impr’  Dl’  P) 

<-  ({ni}{p2}  ce’  (Dl  nl  p2)  (Dl’  nl  p2)). 


ce_impl’  :  ce’  (impl*  Dl  D2  N)  (impl’  Dl’  D2’  N) 


<-  ({pi}  ce’  (Dl  pi)  (Dl’  pi)) 

<-  ({n2}  ce’  (D2  n2)  (D2’  n2)). 

ce_orrl’  : 

ce’  (orrl*  Dl  P)  (orrl’  Dl’  P) 

<-  ({pi}  ce’  (Dl  pi)  (Dl’  pi)). 

ce_orr2’  : 

ce’  (orr2*  D2  P)  (orr2’  D2’  P) 

<-  ({p2>  ce’  (D2  p2)  (D2>  p2)). 

ce_orl’  : 

ce’  (orl*  Dl  D2  N)  (orl’  Dl’  D2’  N) 
<-  ({nl}  ce’  (Dl  nl)  (Dl’  nl)) 

<-  (-Cn2>  ce’  (D2  n2)  (D2’  n2)). 

ce_notr’  : 

ce’  (notr*  Dl  P)  (notr’  Dl’  P) 

<-  (-Cnll  ce’  (Dl  nl)  (Dl’  nl)). 

ce_norl ’  : 

ce’  (notl*  Dl  N)  (notl’  Dl’  N) 

<-  ({pl>  ce’  (Dl  pi)  (Dl’  pi)). 

ce_truer’ : 

ce’  (truer*  P)  (truer’  P). 

ce_falsel’ : 

:  ce’  (falsel*  N)  (falsel’  N) . 

ce_forallr 

ce’  (forallr*  Dl  P)  (forallr’  Dl’  P) 

<-  ({a:i}  {pl:pos  (A1  a)}  ce’  (Dl  a  pi) 

(Dl’  a  pi)) 

ce_foralll 

ce’  (foralll*  T  Dl  N)  (foralll’  T 
<-  ({nl}  ce’  (Dl  nl)  (Dl’  nl)). 

Dl’  N) 

ce_existsr 

ce’  (existsr*  T  Dl  P)  (existsr’  T 
<-  ({pi}  ce’  (Dl  pi)  (Dl’  pi)). 

Dl’  P) 

ce_existsl 

’:  ce’  (existsl*  Dl  N)  (existsl’  Dl’  N) 

<-  ({a:i}  {nl:neg  (A1  a)}  ce’  (Dl  a  nl) 

(Dl’  a  nl)) 
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